TechSpot

Help with Laptop

By ajdsouza
Jun 4, 2015
  1. As instructed by Broni
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Please observe forum rules. All logs have to be pasted, not attached.
     
  3. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
    Ran by Akshay (administrator) on AKSHAY-PC on 04-06-2015 20:39:35
    Running from C:\Users\Akshay\Desktop
    Loaded Profiles: Akshay (Available Profiles: Akshay)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Spotify Ltd) C:\Users\Akshay\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
    (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
    (Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
    (Spotify Ltd) C:\Users\Akshay\AppData\Roaming\Spotify\Spotify.exe
    (Spotify Ltd) C:\Users\Akshay\AppData\Roaming\Spotify\Spotify.exe
    (Spotify Ltd) C:\Users\Akshay\AppData\Roaming\Spotify\Spotify.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\config\systemprofile\sndvol.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Microsoft Corporation) C:\Windows\System32\perfmon.exe
    (BitTorrent Inc.) C:\Users\Akshay\AppData\Roaming\uTorrent\uTorrent.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Skype Technologies S.A.) C:\Windows\Temp\avast_ash\Skype\skype.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2878728 2014-04-16] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
    HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
    HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4878752 2014-11-19] (Intel(R) Corporation)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
    HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-04] (Avast Software s.r.o.)
    HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\ba70b28e-556a-4735-9a00-b1cd059d59bf.exe [183232 2015-06-04] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [krmpib] => "C:\Windows\System32\rundll32.exe" "C:\Users\Akshay\AppData\Roaming\krmpib.dll",List_Append <===== ATTENTION
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Spotify Web Helper] => C:\Users\Akshay\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-01] (Spotify Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Google Update] => C:\Users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-06] (Google Inc.)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Spotify] => C:\Users\Akshay\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-01] (Spotify Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [uTorrent] => C:\Users\Akshay\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [GoogleChromeAutoLaunch_A8AAF008C3666D54563FD635A6C1F11A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2015-04-30] (Nota Inc.)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe [623792 2015-04-15] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\MountPoints2: {3423850d-95f2-11e4-ae08-685d43f2a0f7} - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\MountPoints2: {6a96cd9c-de1c-11e1-be67-806e6f6e6963} - D:\autorun.exe
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\MountPoints2: {9242d172-f277-11e4-8680-806e6f6e6963} - D:\autorun.exe
    Startup: C:\Users\Akshay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2015-05-04]
    ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-04] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyServer: [S-1-5-21-2090909380-4087199382-2303749201-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    SearchScopes: HKLM -> DefaultScope {BCDA109D-38D2-4DA3-84F5-43A348A94C54} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {BCDA109D-38D2-4DA3-84F5-43A348A94C54} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {BCDA109D-38D2-4DA3-84F5-43A348A94C54} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> {BCDA109D-38D2-4DA3-84F5-43A348A94C54} URL =
    SearchScopes: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-04] (Avast Software s.r.o.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
    BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
    BHO-x32: No Name -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> No File
    BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-12-17] (Perfect World Entertainment Inc)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-04] (Avast Software s.r.o.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
    Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
    Toolbar: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
    Winsock: Catalog5 01 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 05 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
    FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-12-17] (Perfect World Entertainment Inc)
    FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2013-01-04] (Tencent)
    FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [2011-12-22] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2090909380-4087199382-2303749201-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2090909380-4087199382-2303749201-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2090909380-4087199382-2303749201-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-08-24] ()
    FF user.js: detected! => C:\Users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default\user.js [2013-05-03]
    FF Extension: DownloadTerms - C:\Users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default\Extensions\cxfnl@nxazbwxrbgsgfqqp.net [2013-05-03]
    FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-03-01]
    FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2015-03-01]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-04]
    FF HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Firefox\Extensions: [{03DCCC24-08BE-11E2-8271-B8AC6F996F26}] - C:\Users\Akshay\AppData\Local\{03DCCC24-08BE-11E2-8271-B8AC6F996F26}
    FF Extension: Mozilla Safe Browsing - C:\Users\Akshay\AppData\Local\{03DCCC24-08BE-11E2-8271-B8AC6F996F26} [2012-09-27]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-13]
    CHR Extension: (Google Search) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-13]
    CHR Extension: (Google Cast (Beta)) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2015-05-26]
    CHR Extension: (Youtube to MP3 Converter - High Quality) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllepdkfbbinindpblacdckjaflfjdmj [2013-03-11]
    CHR Extension: (Avast Online Security) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-22]
    CHR Extension: (Reload All Tabs) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2013-10-10]
    CHR Extension: (Google Mail Checker) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-02-28]
    CHR Extension: (Google Wallet) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-22]
    CHR Extension: (Gmail) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-13]
    CHR HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oleomanaehojaiigacblenknbkhfdicd] - C:\Users\Akshay\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-04]
    CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-03-25]
    CHR HKLM-x32\...\Chrome\Extension: [oleomanaehojaiigacblenknbkhfdicd] - C:\Users\Akshay\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [pdelhcfcejepbjakfabeapgdnkpilnik] - C:\Users\Akshay\AppData\LocalLow\Playbryte\Chrome.crx [Not Found]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-17] (Perfect World Entertainment Inc)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-04] (Avast Software s.r.o.)
    S4 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
    S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
    S4 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-05-18] (Conexant Systems, Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
    S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
    S4 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [24064 2012-12-14] () [File not signed]
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-10] ()
    S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
    S4 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-04-09] () [File not signed]
    R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-05-22] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
    S2 fa6789c5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-04] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-04] (Avast Software s.r.o.)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-04] (Avast Software s.r.o.)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-04] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-04] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-04] ()
    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2014-11-18] ()
    R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
    R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [350096 2012-02-14] (EldoS Corporation)
    S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-04-23] (Phoenix Technologies) [File not signed]
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-23] (DT Soft Ltd)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-05-20] ()
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
    S3 MEMACC; C:\Windows\SysWOW64\drivers\memacc.sys [33664 2015-05-04] (Zeal SoftStudio) [File not signed]
    R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
    R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2014-12-19] (Intel Corporation)
    R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
    S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
    S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
    S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
    S3 zntport; C:\Windows\SysWOW64\drivers\zntport.sys [13880 2015-05-04] (Zeal SoftStudio)
    S1 aqtnffop; \??\C:\Windows\system32\drivers\aqtnffop.sys [X]
    S3 btmaudio; system32\drivers\btmaud.sys [X]
    S1 chkthdxn; \??\C:\Windows\system32\drivers\chkthdxn.sys [X]
    S1 dbtbsvbo; \??\C:\Windows\system32\drivers\dbtbsvbo.sys [X]
    S1 fcqywial; \??\C:\Windows\system32\drivers\fcqywial.sys [X]
    S1 forkbcii; \??\C:\Windows\system32\drivers\forkbcii.sys [X]
    S1 fszikxaw; \??\C:\Windows\system32\drivers\fszikxaw.sys [X]
    S1 hywfauij; \??\C:\Windows\system32\drivers\hywfauij.sys [X]
    S1 ihtaguig; \??\C:\Windows\system32\drivers\ihtaguig.sys [X]
    S2 IOPort; \??\C:\Windows\system32\drivers\ioport.sys [X]
    S3 iscFlash; \??\C:\Users\Akshay\AppData\Local\Temp\7zS9B0A.tmp\iscflashx64.sys [X]
    S1 jlkchmtu; \??\C:\Windows\system32\drivers\jlkchmtu.sys [X]
    S1 ksbgamje; \??\C:\Windows\system32\drivers\ksbgamje.sys [X]
    S1 ksvlpruc; \??\C:\Windows\system32\drivers\ksvlpruc.sys [X]
    S1 lmbvbocc; \??\C:\Windows\system32\drivers\lmbvbocc.sys [X]
    S1 lqcnsrvv; \??\C:\Windows\system32\drivers\lqcnsrvv.sys [X]
    S1 lwvlbayh; \??\C:\Windows\system32\drivers\lwvlbayh.sys [X]
    S1 mbgmwtri; \??\C:\Windows\system32\drivers\mbgmwtri.sys [X]
    S2 MemPort; \??\C:\Windows\system32\drivers\memport.sys [X]
    S1 pfmpzctj; \??\C:\Windows\system32\drivers\pfmpzctj.sys [X]
    S1 rdmjzans; \??\C:\Windows\system32\drivers\rdmjzans.sys [X]
    S1 usywefga; \??\C:\Windows\system32\drivers\usywefga.sys [X]
    S1 wmcttkhs; \??\C:\Windows\system32\drivers\wmcttkhs.sys [X]
     
  4. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-04 20:39 - 2015-06-04 20:39 - 00034267 _____ C:\Users\Akshay\Desktop\FRST.txt
    2015-06-04 20:39 - 2015-06-04 20:39 - 00000000 ____D C:\FRST
    2015-06-04 20:32 - 2015-06-04 20:32 - 00003212 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe
    2015-06-04 20:29 - 2015-06-04 20:29 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\AVAST Software
    2015-06-04 20:27 - 2015-06-04 20:27 - 00001884 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-06-04 20:27 - 2015-06-04 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-06-04 20:26 - 2015-06-04 20:26 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-06-04 20:26 - 2015-06-04 20:26 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-06-04 20:26 - 2015-06-04 20:25 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-06-04 20:25 - 2015-06-04 20:25 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-06-04 20:25 - 2015-06-04 20:25 - 00000000 ____D C:\Program Files\AVAST Software
    2015-06-04 20:24 - 2015-06-04 20:24 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\wbruuqvt.sys
    2015-06-04 20:24 - 2015-06-04 20:24 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-06-04 20:22 - 2015-06-04 20:22 - 02108928 _____ (Farbar) C:\Users\Akshay\Desktop\FRST64.exe
    2015-06-04 20:21 - 2015-06-04 20:24 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Akshay\Downloads\avast_free_antivirus_setup.exe
    2015-06-04 17:23 - 2015-06-04 17:32 - 00000000 ____D C:\Users\Akshay\Downloads\Workaholics - The Complete Season 3 [HDTV]
    2015-06-04 05:25 - 2015-06-04 05:25 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-04 05:21 - 2015-06-04 05:24 - 08436976 _____ (Auslogics Labs Pty Ltd ) C:\Users\Akshay\Downloads\fix-my-pc-setup.exe
    2015-06-03 22:43 - 2015-06-04 15:31 - 00003106 _____ C:\Windows\System32\Tasks\WinThruster
    2015-06-03 22:42 - 2015-06-03 22:42 - 00003122 _____ C:\Windows\System32\Tasks\DriverDocRunAtStartup
    2015-06-03 10:42 - 2015-06-03 10:42 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\qsistwrb
    2015-06-03 00:27 - 2015-06-03 00:27 - 00000000 ____D C:\Program Files (x86)\Dell Update
    2015-06-02 23:05 - 2015-06-02 23:05 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\jzeslyss
    2015-06-01 18:10 - 2015-06-01 18:10 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\cucqngon
    2015-05-28 13:50 - 2015-05-28 13:50 - 00000000 ____D C:\Users\Akshay\Downloads\South Park Season 5 DvDrip-McTav
    2015-05-28 13:11 - 2015-05-28 13:12 - 00000000 ____D C:\Users\Akshay\Downloads\South Park Season 4 DvDrip-McTav
    2015-05-28 05:41 - 2015-05-28 05:41 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\hsivjymo
    2015-05-26 09:20 - 2015-05-26 09:20 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\qlmwehsc
    2015-05-26 08:26 - 2015-05-26 08:26 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\pnbpyjpr
    2015-05-26 08:01 - 2015-05-26 08:01 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\rpjqnoov
    2015-05-26 07:06 - 2015-05-26 07:06 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\hvunxjoa
    2015-05-25 09:42 - 2015-05-25 09:42 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\fyvdgtnj
    2015-05-25 00:12 - 2015-05-25 00:18 - 00000000 ____D C:\Users\Akshay\Documents\Heroes of the Storm
    2015-05-25 00:11 - 2015-05-25 00:11 - 00001195 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
    2015-05-25 00:11 - 2015-05-25 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
    2015-05-24 23:33 - 2015-06-01 18:39 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
    2015-05-24 23:25 - 2015-06-01 19:09 - 00000000 ____D C:\Users\Akshay\AppData\Local\Battle.net
    2015-05-24 23:25 - 2015-06-01 18:35 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2015-05-24 23:25 - 2015-05-25 00:13 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
    2015-05-24 23:25 - 2015-05-24 23:32 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Battle.net
    2015-05-24 23:25 - 2015-05-24 23:25 - 00001150 _____ C:\Users\Public\Desktop\Battle.net.lnk
    2015-05-24 23:25 - 2015-05-24 23:25 - 00000000 ____D C:\Users\Akshay\AppData\Local\Blizzard Entertainment
    2015-05-24 23:25 - 2015-05-24 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2015-05-24 23:22 - 2015-05-24 23:22 - 00000000 ____D C:\ProgramData\Battle.net
    2015-05-24 23:21 - 2015-05-24 23:21 - 03081784 _____ (Blizzard Entertainment) C:\Users\Akshay\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
    2015-05-24 21:24 - 2015-05-24 21:25 - 00291386 _____ C:\Windows\msxml4-KB954430-enu.LOG
    2015-05-24 21:24 - 2015-05-24 21:24 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2015-05-24 01:44 - 2015-05-24 01:44 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\utkcckzw
    2015-05-22 19:30 - 2015-05-22 19:40 - 02454886 _____ C:\Users\Akshay\Downloads\DLL_pack.zip
    2015-05-22 17:18 - 2015-06-03 23:35 - 00000112 _____ C:\ProgramData\hf6Arut.dat
    2015-05-22 17:17 - 2015-05-22 17:17 - 00001107 _____ C:\Users\Akshay\Desktop\Launcher.exe - Shortcut.lnk
    2015-05-22 17:15 - 2015-05-22 17:15 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\wlxlqyco
    2015-05-22 12:43 - 2015-06-03 23:14 - 00000000 ____D C:\ProgramData\abc
    2015-05-22 12:43 - 2015-05-22 12:43 - 00000005 _____ C:\end
    2015-05-22 12:43 - 2015-05-22 12:43 - 00000000 ____D C:\ProgramData\pjnbeogopnccpeondfacbifllgjgfocp
    2015-05-22 12:43 - 2015-05-22 12:43 - 00000000 ____D C:\ProgramData\5638552006230216887
    2015-05-22 12:43 - 2015-05-22 12:43 - 00000000 ____D C:\Program Files\Coupoon
    2015-05-22 12:42 - 2015-05-22 12:42 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\sursenel
    2015-05-22 12:42 - 2015-05-22 12:42 - 00000000 ____D C:\Program Files (x86)\MyPCBU
    2015-05-22 12:42 - 2015-05-22 12:42 - 00000000 ____D C:\Program Files (x86)\app_setup
    2015-05-22 12:41 - 2015-05-22 17:39 - 00000000 ____D C:\Program Files (x86)\Coupoon
    2015-05-22 12:40 - 2015-05-22 12:41 - 01550352 _____ (Dummy, Ltd.) C:\Users\Akshay\Downloads\south.park.season.4.s04.complete.1080p.x265.hevc.aac.2.0.joy.utr_10924_i10854233_il345.exe
    2015-05-22 12:32 - 2015-05-22 12:34 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5.Fixed-3DM
    2015-05-22 12:27 - 2015-05-22 12:31 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.3(v1.0.335.2).and.Crack.v4-3DM
    2015-05-22 12:05 - 2015-05-22 12:05 - 00031938 _____ C:\Users\Akshay\Downloads\torrent (8)
    2015-05-22 12:05 - 2015-05-22 12:05 - 00031855 _____ C:\Users\Akshay\Downloads\torrent (9)
    2015-05-22 12:04 - 2015-05-22 12:06 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v4-3DM
    2015-05-22 12:04 - 2015-05-22 12:04 - 00031855 _____ C:\Users\Akshay\Downloads\torrent (7)
    2015-05-22 12:04 - 2015-05-22 12:04 - 00031845 _____ C:\Users\Akshay\Downloads\torrent (6)
    2015-05-22 12:03 - 2015-05-22 12:03 - 00031845 _____ C:\Users\Akshay\Downloads\torrent (5)
    2015-05-22 12:03 - 2015-05-22 12:03 - 00031837 _____ C:\Users\Akshay\Downloads\torrent (4)
    2015-05-22 11:21 - 2015-05-22 11:21 - 02763506 _____ C:\Users\Akshay\Downloads\SC-7487RLD.rar
    2015-05-22 10:38 - 2015-05-22 11:09 - 457519249 _____ C:\Users\Akshay\Downloads\SC-748712G.rar
    2015-05-22 06:42 - 2015-05-22 06:42 - 00031845 _____ C:\Users\Akshay\Downloads\torrent (3)
    2015-05-22 06:41 - 2015-05-22 12:27 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.2.and.Crack.v3-3DM
    2015-05-22 06:40 - 2015-05-22 06:41 - 00031938 _____ C:\Users\Akshay\Downloads\torrent (2)
    2015-05-22 06:40 - 2015-05-22 06:41 - 00031837 _____ C:\Users\Akshay\Downloads\torrent (1)
    2015-05-22 06:40 - 2015-05-22 06:40 - 00031845 _____ C:\Users\Akshay\Downloads\torrent
    2015-05-22 05:45 - 2015-05-22 05:45 - 442993748 _____ C:\Users\Akshay\Downloads\Grthftcrv5cr5fxd.rar
    2015-05-22 04:57 - 2015-05-22 19:15 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2015-05-22 04:56 - 2015-05-22 19:14 - 00000000 ____D C:\Program Files\Rockstar Games
    2015-05-22 04:55 - 2015-05-22 17:22 - 00000080 _____ C:\Users\Akshay\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
    2015-05-17 06:35 - 2015-05-17 23:38 - 00000000 ____D C:\Users\Akshay\Downloads\Grand Theft Auto V-FULL UNLOCKED-SG
    2015-05-17 06:34 - 2015-05-17 06:34 - 00165451 _____ C:\Users\Akshay\Downloads\Grand Theft Auto V-FULL UNLOCKED-SG.torrent
    2015-05-17 06:33 - 2015-05-17 06:33 - 00031842 _____ C:\Users\Akshay\Downloads\Grand.Theft.Auto.V.Update.4(v1.0.350.1).and.Crack.v4-3DM (1).torrent
    2015-05-17 06:32 - 2015-05-17 06:32 - 00151666 _____ C:\Users\Akshay\Downloads\Grand.Theft.Auto.V-RELOADED.torrent
    2015-05-17 06:32 - 2015-05-17 06:32 - 00031842 _____ C:\Users\Akshay\Downloads\Grand.Theft.Auto.V.Update.4(v1.0.350.1).and.Crack.v4-3DM.torrent
    2015-05-17 06:25 - 2015-05-17 06:25 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (5).msi
    2015-05-16 17:17 - 2015-05-16 17:17 - 00000000 ____D C:\Windows\CheckSur
    2015-05-12 13:51 - 2015-05-12 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TipMediaPlayer
    2015-05-12 13:51 - 2015-05-12 13:51 - 00000000 ____D C:\Program Files\TipMediaPlayer
    2015-05-12 13:46 - 2015-05-12 13:46 - 00715816 _____ (Application ) C:\Users\Akshay\Downloads\TipMediaPlayer_Setup.exe
    2015-05-12 13:39 - 2015-05-12 13:39 - 00144466 _____ C:\Users\Akshay\Downloads\League of Legends Riot Points Generator.rar
    2015-05-11 21:17 - 2015-05-24 23:07 - 00353120 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-05-11 21:16 - 2015-05-25 13:26 - 00010200 _____ C:\Windows\PFRO.log
    2015-05-11 14:00 - 2015-05-11 14:00 - 00638976 _____ C:\Users\Akshay\Downloads\Detection(1).msi
    2015-05-11 13:56 - 2015-05-11 13:56 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (4).msi
    2015-05-11 13:21 - 2015-05-11 13:21 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\MK10
    2015-05-11 01:28 - 2015-05-11 01:28 - 00018491 _____ C:\Windows\DirectX.log
    2015-05-11 00:43 - 2015-05-11 13:45 - 00000000 ____D C:\Program Files (x86)\Mortal Kombat X
    2015-05-09 13:12 - 2015-06-02 21:48 - 00003136 _____ C:\Windows\setupact.log
    2015-05-09 13:12 - 2015-05-09 13:12 - 00000000 _____ C:\Windows\setuperr.log
    2015-05-08 20:54 - 2015-05-08 20:54 - 00757976 _____ (Application Software ) C:\Users\Akshay\Downloads\Unconfirmed 790986.crdownload
    2015-05-08 20:52 - 2015-05-08 20:52 - 02333416 _____ (Intel) C:\Users\Akshay\Downloads\Intel Driver Update Utility Installer (1).exe
    2015-05-08 20:47 - 2015-05-25 19:04 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-05-08 20:47 - 2015-05-08 20:48 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (3).msi
    2015-05-08 20:47 - 2015-05-08 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-05-08 20:46 - 2015-06-04 19:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-08 20:46 - 2015-06-04 17:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-08 20:46 - 2015-05-16 17:52 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-08 20:46 - 2015-05-16 17:52 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-08 20:32 - 2015-05-17 06:38 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
    2015-05-08 20:21 - 2015-05-08 20:21 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (2).msi
    2015-05-08 20:15 - 2015-05-08 20:15 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (1).msi
    2015-05-08 18:54 - 2015-05-08 18:54 - 00638976 _____ C:\Users\Akshay\Downloads\Detection.msi
    2015-05-08 14:29 - 2015-05-08 14:29 - 00089856 _____ C:\Users\Akshay\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-05-07 20:22 - 2015-05-07 20:23 - 06482752 _____ (Piriform Ltd) C:\Users\Akshay\Downloads\ccsetup505pro.exe
    2015-05-07 20:14 - 2015-06-03 22:44 - 00000280 _____ C:\Windows\Tasks\DriverDoc_UPDATES.job
    2015-05-07 20:14 - 2015-05-07 20:14 - 00003026 _____ C:\Windows\System32\Tasks\DriverDoc_UPDATES
    2015-05-07 20:13 - 2015-05-07 20:13 - 00001035 _____ C:\Users\Public\Desktop\DriverDoc.lnk
    2015-05-07 20:13 - 2015-05-07 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc
    2015-05-07 20:13 - 2015-05-07 20:13 - 00000000 ____D C:\Program Files (x86)\DriverDoc
    2015-05-07 20:12 - 2015-05-07 20:12 - 00000000 ____D C:\Spacekace
    2015-05-07 20:11 - 2015-05-07 20:12 - 03068896 _____ C:\Users\Akshay\Downloads\Setup_DriverDoc_2015.exe
    2015-05-07 20:07 - 2015-06-04 15:32 - 00000276 _____ C:\Windows\Tasks\WinThruster_DEFAULT.job
    2015-05-07 20:07 - 2015-06-03 22:40 - 00000284 _____ C:\Windows\Tasks\WinThruster_UPDATES.job
    2015-05-07 20:07 - 2015-05-07 20:13 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Solvusoft
    2015-05-07 20:07 - 2015-05-07 20:07 - 03894696 _____ (solvusoft Corporation ) C:\Users\Akshay\Downloads\Setup_WinThruster_2015.exe
    2015-05-07 20:07 - 2015-05-07 20:07 - 00003030 _____ C:\Windows\System32\Tasks\WinThruster_UPDATES
    2015-05-07 20:07 - 2015-05-07 20:07 - 00002874 _____ C:\Windows\System32\Tasks\WinThruster_DEFAULT
    2015-05-07 20:07 - 2015-05-07 20:07 - 00001049 _____ C:\Users\Public\Desktop\WinThruster.lnk
    2015-05-07 20:07 - 2015-05-07 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
    2015-05-07 20:07 - 2015-05-07 20:07 - 00000000 ____D C:\Program Files (x86)\WinThruster
    2015-05-07 20:07 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
    2015-05-06 01:24 - 2015-05-06 01:24 - 00182966 _____ C:\Users\Akshay\Downloads\Wk12CultureEthnography.pptx

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-04 20:39 - 2012-11-21 22:03 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\uTorrent
    2015-06-04 20:39 - 2012-08-20 21:48 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Skype
    2015-06-04 20:38 - 2012-08-04 04:44 - 00000000 ____D C:\ProgramData\Skype
    2015-06-04 20:37 - 2013-06-11 07:09 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-06-04 20:37 - 2013-06-11 07:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-06-04 20:36 - 2012-08-04 04:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-04 20:36 - 2012-08-04 04:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-04 20:36 - 2012-08-04 04:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-04 20:36 - 2012-08-04 04:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-04 20:27 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-04 20:27 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-04 20:21 - 2015-01-06 17:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA.job
    2015-06-04 19:23 - 2014-01-31 11:31 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Spotify
    2015-06-04 17:54 - 2012-08-04 04:13 - 01245265 _____ C:\Windows\WindowsUpdate.log
    2015-06-04 16:09 - 2013-03-24 17:56 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
    2015-06-04 15:40 - 2015-01-06 17:00 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core.job
    2015-06-04 15:28 - 2013-01-26 13:44 - 00000000 ____D C:\Users\Akshay\AppData\Local\Spotify
    2015-06-04 05:26 - 2015-04-18 11:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-04 05:25 - 2015-04-18 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-04 05:25 - 2015-04-18 11:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-04 05:22 - 2013-10-04 03:23 - 00007621 _____ C:\Users\Akshay\AppData\Local\resmon.resmoncfg
    2015-06-03 10:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-06-03 00:28 - 2012-08-04 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2015-06-02 23:01 - 2012-08-22 01:31 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\vlc
    2015-06-02 21:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-01 20:05 - 2013-03-14 04:37 - 00000000 ____D C:\Program Files (x86)\Conduit
    2015-05-25 11:45 - 2013-01-15 16:13 - 00000000 ____D C:\Users\Akshay\AppData\Local\Windows Live Writer
    2015-05-25 10:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
    2015-05-24 21:24 - 2012-08-25 15:39 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-05-22 17:03 - 2012-10-13 14:04 - 00000000 ____D C:\ProgramData\Package Cache
    2015-05-22 02:36 - 2013-05-05 06:16 - 00000000 ____D C:\Users\Akshay\Documents\Rockstar Games
    2015-05-22 02:36 - 2013-05-05 06:01 - 00000000 ____D C:\Users\Akshay\AppData\Local\Rockstar Games
    2015-05-19 11:05 - 2015-01-29 16:41 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Bioshock
    2015-05-19 10:59 - 2014-12-22 10:02 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-05-16 16:36 - 2014-12-09 19:53 - 00000000 ____D C:\Users\Akshay\Downloads\Bobs.Burgers
    2015-05-15 13:23 - 2014-05-16 19:07 - 00003752 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
    2015-05-15 13:23 - 2014-05-16 19:07 - 00000988 _____ C:\Users\Public\Desktop\Gyazo.lnk
    2015-05-15 13:23 - 2014-05-16 19:07 - 00000988 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
    2015-05-15 13:23 - 2014-05-16 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
    2015-05-15 13:23 - 2014-05-16 19:06 - 00000000 ____D C:\Program Files (x86)\Gyazo
    2015-05-15 13:16 - 2015-01-06 17:00 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA
    2015-05-15 13:16 - 2015-01-06 17:00 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core
    2015-05-11 21:56 - 2014-10-13 15:14 - 00000000 ____D C:\Program Files\AMD
    2015-05-11 21:46 - 2009-07-14 01:13 - 00798616 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-05-11 00:43 - 2012-08-23 01:34 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\DAEMON Tools Pro
    2015-05-08 20:47 - 2013-01-13 22:40 - 00000000 ____D C:\Program Files (x86)\Google
    2015-05-07 21:32 - 2014-05-28 10:42 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\TS3Client
    2015-05-07 20:28 - 2011-02-10 10:02 - 00000000 ____D C:\Windows\panther
    2015-05-07 20:24 - 2013-11-13 23:15 - 00000000 ____D C:\Program Files\CCleaner
    2015-05-07 20:23 - 2012-08-28 07:39 - 00000000 ____D C:\Windows\Minidump

    ==================== Files in the root of some directories =======

    2013-03-22 04:40 - 2013-03-22 04:40 - 0000240 _____ () C:\Users\Akshay\AppData\Roaming\RuneDream.db
    2012-09-02 01:03 - 2014-12-21 03:28 - 0006144 _____ () C:\Users\Akshay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-04-22 15:58 - 2013-04-22 16:00 - 1065984 _____ () C:\Users\Akshay\AppData\Local\file__0.localstorage
    2012-11-25 19:46 - 2012-11-25 19:46 - 0000094 _____ () C:\Users\Akshay\AppData\Local\fusioncache.dat
    2012-09-20 16:38 - 2014-04-25 21:13 - 0000600 _____ () C:\Users\Akshay\AppData\Local\PUTTY.RND
    2013-10-04 03:23 - 2015-06-04 05:22 - 0007621 _____ () C:\Users\Akshay\AppData\Local\resmon.resmoncfg
    2015-05-04 09:22 - 2015-05-04 09:22 - 0000437 _____ () C:\Users\Akshay\AppData\Local\WiDiLog.20150504.092214.txt
    2015-05-04 09:18 - 2015-05-04 09:22 - 0059583 _____ () C:\Users\Akshay\AppData\Local\WiDiSetupLog.20150504.091838.txt
    2015-05-22 17:18 - 2015-06-03 23:35 - 0000112 _____ () C:\ProgramData\hf6Arut.dat

    ZeroAccess:
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\@
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\00000004.@
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\201d3dde
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\4cce1f70
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\6715e287
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\76603ac3

    Files to move or delete:
    ====================
    C:\Users\Akshay\decim_runescape_preferences.dat
    C:\Users\Akshay\decim_runescape_preferences2.dat
    C:\Users\Akshay\matrix_cl_matrix_LIVE.dat
    C:\Users\Akshay\matrix_cl_matrix_LIVE1.dat
    C:\Users\Akshay\rn_cl_runenova_LIVE.dat
    C:\ProgramData\hf6Arut.dat


    Some files in TEMP:
    ====================
    C:\Users\Akshay\AppData\Local\Temp\Skin.dll
    C:\Users\Akshay\AppData\Local\Temp\south.park.season.4.s04.complete.1080p.x265.hevc.aac.2.0.joy.utr__10924_i1521270748_il1222234.exe
    C:\Users\Akshay\AppData\Local\Temp\SRLDetectionLibrary4403055876962157002.dll
    C:\Users\Akshay\AppData\Local\Temp\SRLDetectionLibrary7292949749817095708.dll
    C:\Users\Akshay\AppData\Local\Temp\SRLDetectionLibrary9203538910514754477.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-04 17:53

    ==================== End of log ============================
     
  5. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
    Ran by Akshay at 2015-06-04 20:40:36
    Running from C:\Users\Akshay\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2090909380-4087199382-2303749201-500 - Administrator - Disabled)
    Akshay (S-1-5-21-2090909380-4087199382-2303749201-1000 - Administrator - Enabled) => C:\Users\Akshay
    ASPNET (S-1-5-21-2090909380-4087199382-2303749201-1003 - Limited - Enabled)
    Guest (S-1-5-21-2090909380-4087199382-2303749201-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
    Assassin's Creed ® III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.00 - Ubisoft)
    Assassins Creed IV Black Flag Freedom Cry (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
    Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
    BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
    Boingo Wi-Finder (HKLM-x32\...\{1BE30884-D867-4648-9739-2DB19025DF04}) (Version: 5.1.0071 - Boingo Wireless, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands: The Pre-Sequel (HKLM-x32\...\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1) (Version: 1 - )
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
    Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
    ChromecastApp (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CommView for WiFi (HKLM-x32\...\{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}) (Version: 7.0 - TamoSoft)
    Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
    Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.30.0 - Conexant)
    Conexant Maxx Preset (HKLM\...\cMaxxPreset) (Version: 1.4.0.0 - Conexant Systems)
    Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.37.0 - Conexant)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Coupoon version 1.0 (HKLM-x32\...\{49F8B4F8-0CD4-4BE4-A9E8-B13A071F7C90}_is1) (Version: 1.0 - Coupoon) <==== ATTENTION
    Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
    Dell Audio (HKLM\...\SA3) (Version: 1.72.0.0 - Conexant Systems)
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
    Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
    Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
    Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
    Dell System Detect (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\73f463568823ebbe) (Version: 6.1.0.3 - Dell)
    Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.16.1 - ELAN Microelectronic Corp.)
    Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
    Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.15 - Creative Technology Ltd)
    Dia (remove only) (HKLM-x32\...\Dia) (Version: - )
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    DownloadTerms (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\DownloadTerms) (Version: 1.0 - Unlimited Downloads, LLC) <==== ATTENTION
    Dragonball Xenoverse (HKLM-x32\...\Dragonball Xenoverse_is1) (Version: - )
    Dragon's Prophet (HKLM-x32\...\Steam App 229100) (Version: - Sony Online Entertainment)
    Dragons Prophet (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\SOE-Dragons Prophet) (Version: - Sony Online Entertainment)
    DriverAgent by eSupport.com (HKLM-x32\...\DriverAgent_is1) (Version: - Copyright © 2013 eSupport.com, Inc • All Rights Reserved)
    DriverDoc (HKLM-x32\...\DriverDoc_is1) (Version: 1.52.1086.14425 - Solvusoft Corporation)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    Elcomsoft Wireless Security Auditor (HKLM-x32\...\{62C69DD0-1C15-46D3-B973-D617725E7F0A}) (Version: 5.08.313.1706 - Elcomsoft Co. Ltd.)
    Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Escape Whisper Valley (TM) (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ExpanDrive (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\ExpanDrive) (Version: - ExpanDrive, Inc.)
    Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
    Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Fable Anniversary (HKLM-x32\...\Fable Anniversary_is1) (Version: - )
    Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
    Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
    Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
    Far Cry 3 (HKLM-x32\...\Far Cry 3_is1) (Version: 1.04 - R.G. Reverants)
    Far Cry 4 Update v1.5 (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
    gedit 2.30.1 (HKLM-x32\...\gedit_is1) (Version: 2.30.1 - GNOME)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
    Gyazo 2.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
    Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
    Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
    Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Kingdoms of Amalur Reckoning (HKLM-x32\...\Kingdoms of Amalur Reckoning_is1) (Version: - )
    Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
    K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Camera Codec Pack (HKLM\...\{9DCA0803-0890-4631-94BA-17DE31C49C40}) (Version: 16.4.1734.1104 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Middle-earth Shadow of Mordor (HKLM-x32\...\Middle-earth Shadow of Mordor_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
    MyPCBU version 2.25 (HKLM-x32\...\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1) (Version: 2.25 - )
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.7 - Black Tree Gaming)
    Nosgoth (HKLM-x32\...\Steam App 200110) (Version: - Psyonix)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    PatchBeam (HKLM-x32\...\PatchBeam) (Version: 1.10 - ConeXware, Inc.)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Portal 3.3 (HKLM-x32\...\Portal 3.3) (Version: - )
    PowerArchiver 2012 (HKLM-x32\...\PowerArchiver 2012 13.00.26) (Version: 13.00.26 - ConeXware, Inc.)
    PowerArchiver 2012 (x32 Version: 13.00.26 - ConeXware, Inc.) Hidden
    Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
    PrivateTunnel (HKLM-x32\...\{1880714F-98B5-4DD1-9A33-98863B4E009B}) (Version: 2.0.0.0 - OpenVPN Technologies)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Putty (HKLM-x32\...\{8A4589F3-E0F2-41E2-906A-ECB7A4B76291}) (Version: 0.60 - Simon Tatham)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Python 2.7.3 (64-bit) (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}) (Version: 2.7.3150 - Python Software Foundation)
    QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
    QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.54.309.2012 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Sandboxie 3.76 (64-bit) (HKLM\...\Sandboxie) (Version: 3.76 - SANDBOXIE L.T.D)
    Secure Download Manager (HKLM-x32\...\{E86B07AE-9F94-44D5-AD47-DC2716EA90D2}) (Version: 3.1.40 - Kivuto Solutions Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Shaun White Skateboarding (HKLM-x32\...\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}) (Version: 1.0 - Ubisoft)
    Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
    Sleeping Dogs version 5.1 (HKLM-x32\...\{B810D852-DFD6-SLPDGS-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
    SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
    SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
    South Park The Stick of Truth - Update 2 version 1.0.1361 (HKLM-x32\...\{43BC092F-FEEF-4E74-805A-B20A67522D10}_is1) (Version: 1.0.1361 - Ubisoft)
    Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
    Spotify (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    sursenel (HKLM-x32\...\{7d0ff442-6ee9-4afb-74ec-015a61fc9fd0}) (Version: 1.0.0 - sidecom) <==== ATTENTION!
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab Detection (HKLM-x32\...\{95A54DD6-403D-4403-A998-EA81C24B5A88}) (Version: 6.1.4.0 - Husdawg, LLC)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
    TipMediaPlayer 1.0 (HKLM\...\{7268C940-B87D-4445-B180-4404E231775B}_is1) (Version: 1.0 - )
    Tribes Vengeance (HKLM-x32\...\InstallShield_{BBF51613-ACF3-4B1C-86E8-AD15BB431037}) (Version: 1.0.0 - Vivendi Universal Games)
    Tribes Vengeance (x32 Version: 1.0.0 - Vivendi Universal Games) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
    Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Paradigm CE 11.2 (HKLM\...\1106-5897-7327-6550) (Version: 11.2 - Visual Paradigm International Ltd.)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    VPython 6.05 (HKLM\...\VPython for Python 2.7_is1) (Version: - )
    Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
    Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WinThruster (HKLM-x32\...\WinThruster_is1) (Version: 1.79 - solvusoft Corporation)
    WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
    WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Akshay\AppData\Roaming\sursenel\ticyver.dll () <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    29-05-2015 14:56:03 Windows Update
    01-06-2015 20:05:13 Software Removal Tool
    04-06-2015 17:51:22 Windows Update
    04-06-2015 20:25:05 avast! antivirus system restore point

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02304D31-B8AE-4C4F-A832-CB82B54D2AA6} - System32\Tasks\WinThruster => C:\Program Files (x86)\WinThruster\WinThruster.exe [2012-10-15] (Solvusoft Corporation)
    Task: {02433315-82BC-4E21-AC4E-7306BBF7261D} - System32\Tasks\{132CC7ED-72AD-4591-A1E6-CA4A3A84684A} => pcalua.exe -a "C:\Users\Akshay\Desktop\nba 2k14\Setup.exe" -d "C:\Users\Akshay\Desktop\nba 2k14"
    Task: {031F95D4-7E0A-4DE6-AF70-EC2FFB245BE7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core => C:\Users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
    Task: {0D91443A-BD4F-497B-94AC-6B7FE567573F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {12FFCED0-6538-4619-AD5A-70933152214E} - System32\Tasks\{89DD358E-C591-442F-A195-72EA4E86F4AF} => G:\Setup.exe
    Task: {171074B8-E39C-41FC-BC13-5398F5EBD964} - System32\Tasks\DriverDoc_UPDATES => C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe [2012-10-05] (Solvusoft Corporation)
    Task: {2D225986-13DE-4BBA-B829-2EBBDBE3B612} - System32\Tasks\{7D6BDBAB-EF78-4307-BD3D-3C8CC6FB936D} => pcalua.exe -a C:\Users\Akshay\Desktop\Crysis\setup.exe -d C:\Users\Akshay\Desktop\Crysis
    Task: {3E64EB68-4D6C-47C5-9C42-46F1C9E59C0C} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-04-30] ()
    Task: {465DEE4F-8C69-4F74-9C75-ACA729EB9539} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-04] (Adobe Systems Incorporated)
    Task: {50DEB759-C4FD-4996-9E7E-7E482A4E5038} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
    Task: {55F0D8BD-1B53-48B3-82A4-CB62B7AD3645} - System32\Tasks\{F88AD140-C18F-4555-B900-77FDB3603CC6} => pcalua.exe -a C:\d\Skyrim\install.exe -d C:\d\Skyrim
    Task: {5A0E4659-374F-4781-A1B6-E3C123CF09CB} - System32\Tasks\WinThruster_UPDATES => C:\Program Files (x86)\WinThruster\WinThruster.exe [2012-10-15] (Solvusoft Corporation)
    Task: {5B0A9FAA-26CD-4497-92E6-D248E1DEB760} - System32\Tasks\{9F7876E4-4610-43C0-A923-871527493671} => pcalua.exe -a C:\Users\Akshay\Downloads\Assassins_Creed_II-crack-SKIDROW\UPDATE\assassins_creed_2_1.01_us.exe -d C:\Users\Akshay\Downloads\Assassins_Creed_II-crack-SKIDROW\UPDATE
    Task: {5C70BDAA-6BB6-4050-8CC8-D351330B8EF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA => C:\Users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
    Task: {5F6E40AB-8FDE-4C48-A312-3D74B8EC5FD9} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-21] () <==== ATTENTION
    Task: {672F69C8-FE6A-4C70-A343-CB6C6DFE7844} - System32\Tasks\RunAsStdUser Task => C:\Users\Akshay\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe
    Task: {792839C8-1EE2-447C-B513-1763B423C36C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
    Task: {7E41BC6A-22F6-416A-B565-DBF23E05E6F6} - System32\Tasks\{58D6AFF7-300B-463D-A8D3-6A9DCD435BD9} => pcalua.exe -a F:\Setup.exe -d F:\
    Task: {82657AA8-4C61-4C5F-8C59-5240DD63D852} - \Oxy Updater No Task File <==== ATTENTION
    Task: {8F69A088-D4E3-4486-9E08-DCB800EA5C8C} - \Oxy No Task File <==== ATTENTION
    Task: {9C21BA23-37A8-4604-B03E-98D177E0506C} - System32\Tasks\DriverDocRunAtStartup => C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe [2012-10-05] (Solvusoft Corporation)
    Task: {A1343D5E-10E9-4522-B2FC-A263E20E1D47} - System32\Tasks\WinThruster_DEFAULT => C:\Program Files (x86)\WinThruster\WinThruster.exe [2012-10-15] (Solvusoft Corporation)
    Task: {B1FEA4E9-2EBB-4BB4-A713-456A5BC9BCEE} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-22] (Microsoft Corporation)
    Task: {B772BE6C-5624-4508-A0F2-1F10D2C832CF} - System32\Tasks\{46F7317A-B841-4DCE-9B6B-B3AA703C2460} => Chrome.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsProgressBar
    Task: {C2E5CF6A-AE47-4B4A-B40B-211996898A40} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-04] (Avast Software s.r.o.)
    Task: {CEF0B242-1605-4602-8EF7-4D8DD15DC420} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {D9CFF865-CA70-449E-94C3-E192482A264F} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-21] () <==== ATTENTION
    Task: {E20E5440-D865-4E99-A8CB-4DCB3442EE22} - System32\Tasks\{8D5352C4-869D-4054-85E8-37370631798E} => C:\Users\Akshay\Desktop\nba 2k14\New folder\NBA2K14-SKIDROWCRACK.COM\setup.exe
    Task: {E87B4364-4488-4C35-BA60-88A42EDCBF7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
    Task: {EA621330-592F-4543-AD39-7E80E4A376D2} - System32\Tasks\AdobeAAMUpdater-1.0-Akshay-PC-Akshay => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
    Task: {ECDD6C12-2280-4AFE-8E84-12CC95A1DB69} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
    Task: {EE92C2AE-2DCB-41AF-86B1-F3D1E8216BEE} - System32\Tasks\{083775D8-E221-40B6-B87E-BD5FBA93B470} => pcalua.exe -a "C:\Users\Akshay\Downloads\Empire Total War\Game\DVD 1\setup.exe" -d "C:\Users\Akshay\Downloads\Empire Total War\Game\DVD 1"
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DriverDoc_UPDATES.job => C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core.job => C:\Users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA.job => C:\Users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\WinThruster_DEFAULT.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
    Task: C:\Windows\Tasks\WinThruster_UPDATES.job => C:\Program Files (x86)\WinThruster\WinThruster.exe
     
  6. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    ==================== Loaded Modules (Whitelisted) ==============

    2013-06-23 18:11 - 2013-12-10 22:07 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2015-05-22 12:41 - 2015-05-22 17:15 - 00053040 _____ () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
    2015-05-11 16:09 - 2015-05-11 16:09 - 00168960 _____ () C:\Users\Akshay\AppData\Roaming\sursenel\ticyver.dll
    2011-06-27 20:26 - 2011-06-27 20:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    2012-08-04 05:52 - 2012-03-19 06:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2011-06-29 09:52 - 2011-06-29 09:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    2015-04-01 15:51 - 2015-04-01 15:51 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
    2010-03-16 21:28 - 2010-03-16 21:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
    2010-03-22 16:52 - 2010-03-22 16:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
    2010-03-16 21:28 - 2010-03-16 21:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
    2010-03-16 21:28 - 2010-03-16 21:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
    2011-06-25 00:20 - 2011-06-25 00:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
    2011-06-27 20:25 - 2011-06-27 20:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
    2011-06-25 00:21 - 2011-06-25 00:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
    2010-03-11 20:52 - 2010-03-11 20:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
    2010-03-05 16:07 - 2010-03-05 16:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
    2010-03-05 16:07 - 2010-03-05 16:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
    2010-03-11 20:52 - 2010-03-11 20:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
    2015-03-08 11:44 - 2015-06-01 09:30 - 41287224 _____ () C:\Users\Akshay\AppData\Roaming\Spotify\libcef.dll
    2015-06-03 10:42 - 2015-06-03 10:42 - 00140800 _____ () C:\Users\Akshay\AppData\Roaming\qsistwrb\encecal.dll
    2015-03-08 11:44 - 2015-06-01 09:30 - 01488440 _____ () C:\Users\Akshay\AppData\Roaming\Spotify\libglesv2.dll
    2015-03-08 11:44 - 2015-06-01 09:30 - 00079928 _____ () C:\Users\Akshay\AppData\Roaming\Spotify\libegl.dll
    2015-03-08 11:44 - 2015-03-19 13:47 - 09305656 _____ () C:\Users\Akshay\AppData\Roaming\Spotify\pdf.dll
    2015-06-04 20:25 - 2015-06-04 20:25 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-06-04 20:25 - 2015-06-04 20:25 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-06-04 20:26 - 2015-06-04 20:26 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15042800\algo.dll
    2015-06-04 20:31 - 2015-06-04 20:31 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060401\algo.dll
    2015-06-04 20:25 - 2015-06-04 20:25 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-05-25 19:04 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
    2015-05-25 19:04 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
    2015-05-25 19:04 - 2015-05-22 16:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\sony.com -> sony.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Akshay\Desktop\New folder (4)\60-amazing-hd-pictures-from-around-the-world-stuff-kit.jpg
    DNS Servers: 209.18.47.61 - 209.18.47.62

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeActiveFileMonitor9.0 => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMPPALR3 => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: ArcService => 3
    MSCONFIG\Services: Bluetooth Device Monitor => 2
    MSCONFIG\Services: Bluetooth Media Service => 3
    MSCONFIG\Services: Bluetooth OBEX Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: BTHSSecurityMgr => 2
    MSCONFIG\Services: CAMService => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: CxUtilSvc => 2
    MSCONFIG\Services: EvtEng => 2
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: HiPatchService => 2
    MSCONFIG\Services: IAStorDataMgrSvc => 2
    MSCONFIG\Services: ICCS => 3
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: MyWiFiDHCPDNS => 3
    MSCONFIG\Services: NOBU => 2
    MSCONFIG\Services: OpenVPNAccessClient => 2
    MSCONFIG\Services: RegSrvc => 2
    MSCONFIG\Services: SbieSvc => 2
    MSCONFIG\Services: SftService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: SystemStoreService => 2
    MSCONFIG\Services: TurboBoost => 3
    MSCONFIG\Services: UNS => 2
    MSCONFIG\Services: ZeroConfigService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PrivateTunnel.lnk => C:\Windows\pss\PrivateTunnel.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Akshay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
    MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: Boingo Wi-Finder => "C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk"
    MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    MSCONFIG\startupreg: Facebook Update => "C:\Users\Akshay\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spotify => "C:\Users\Akshay\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Akshay\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
    MSCONFIG\startupreg: uTorrent => "C:\Users\Akshay\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Microsoft Virtual WiFi Miniport Adapter #2
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: TAP-Win32 Adapter OAS
    Description: TAP-Win32 Adapter OAS
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Win32 Provider OAS
    Service: tapoas
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/04/2015 08:25:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary wbruuqvt.

    System Error:
    The system cannot find the file specified.
    .

    Error: (06/04/2015 05:55:38 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (06/02/2015 11:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iiwjljrnpc64.exe, version: 0.0.0.0, time stamp: 0x551bf9ee
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000374
    Fault offset: 0x00000000000c4102
    Faulting process id: 0x780
    Faulting application start time: 0xiiwjljrnpc64.exe0
    Faulting application path: iiwjljrnpc64.exe1
    Faulting module path: iiwjljrnpc64.exe2
    Report Id: iiwjljrnpc64.exe3

    Error: (06/02/2015 09:50:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/31/2015 09:25:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: South Park - The Stick of Truth.exe, version: 1.0.0.0, time stamp: 0x533903ee
    Faulting module name: South Park - The Stick of Truth.exe, version: 1.0.0.0, time stamp: 0x533903ee
    Exception code: 0xc0000005
    Fault offset: 0x0010541d
    Faulting process id: 0xe274
    Faulting application start time: 0xSouth Park - The Stick of Truth.exe0
    Faulting application path: South Park - The Stick of Truth.exe1
    Faulting module path: South Park - The Stick of Truth.exe2
    Report Id: South Park - The Stick of Truth.exe3

    Error: (05/31/2015 07:15:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SignalIslandUi.exe, version: 2.1.23.0, time stamp: 0x4cf430b9
    Faulting module name: aticfx64.dll, version: 8.17.10.1333, time stamp: 0x546e9fa2
    Exception code: 0xc0000005
    Fault offset: 0x00000000000839e0
    Faulting process id: 0x%9
    Faulting application start time: 0xSignalIslandUi.exe0
    Faulting application path: SignalIslandUi.exe1
    Faulting module path: SignalIslandUi.exe2
    Report Id: SignalIslandUi.exe3

    Error: (05/31/2015 01:40:14 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (05/30/2015 03:52:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: South Park - The Stick of Truth.exe, version: 1.0.0.0, time stamp: 0x533903ee
    Faulting module name: South Park - The Stick of Truth.exe, version: 1.0.0.0, time stamp: 0x533903ee
    Exception code: 0xc0000005
    Fault offset: 0x00082cd2
    Faulting process id: 0xc6f4
    Faulting application start time: 0xSouth Park - The Stick of Truth.exe0
    Faulting application path: South Park - The Stick of Truth.exe1
    Faulting module path: South Park - The Stick of Truth.exe2
    Report Id: South Park - The Stick of Truth.exe3

    Error: (05/29/2015 11:44:19 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (05/29/2015 02:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


    System errors:
    =============
    Error: (06/04/2015 03:37:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (06/04/2015 03:30:08 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/04/2015 03:28:08 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/04/2015 03:28:03 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/04/2015 03:28:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/04/2015 03:28:00 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/04/2015 07:48:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/04/2015 07:48:21 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/04/2015 07:48:19 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/04/2015 07:48:16 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.


    Microsoft Office:
    =========================
    Error: (06/04/2015 08:25:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary wbruuqvt.

    System Error:
    The system cannot find the file specified.

    Error: (06/04/2015 05:55:38 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

    Error: (06/02/2015 11:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iiwjljrnpc64.exe0.0.0.0551bf9eentdll.dll6.1.7601.18247521eaf24c000037400000000000c410278001d09d9f69dd3e82C:\Program Files (x86)\coupoon\iiwjljrnpc64.exeC:\Windows\SYSTEM32\ntdll.dlld96770ba-099c-11e5-bf00-685d43f2a0f7

    Error: (06/02/2015 09:50:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/31/2015 09:25:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: South Park - The Stick of Truth.exe1.0.0.0533903eeSouth Park - The Stick of Truth.exe1.0.0.0533903eec00000050010541de27401d09be0f6c1d2caC:\Program Files (x86)\Southpark Stick of Truth\South Park - The Stick of Truth.exeC:\Program Files (x86)\Southpark Stick of Truth\South Park - The Stick of Truth.exe125a8594-07fd-11e5-96df-685d43f2a0f7

    Error: (05/31/2015 07:15:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: SignalIslandUi.exe2.1.23.04cf430b9aticfx64.dll8.17.10.1333546e9fa2c000000500000000000839e0

    Error: (05/31/2015 01:40:14 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

    Error: (05/30/2015 03:52:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: South Park - The Stick of Truth.exe1.0.0.0533903eeSouth Park - The Stick of Truth.exe1.0.0.0533903eec000000500082cd2c6f401d09b0d26397ccfC:\Program Files (x86)\Southpark Stick of Truth\South Park - The Stick of Truth.exeC:\Program Files (x86)\Southpark Stick of Truth\South Park - The Stick of Truth.exe6da3da4e-0705-11e5-96df-685d43f2a0f7

    Error: (05/29/2015 11:44:19 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

    Error: (05/29/2015 02:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-22 04:44:03.351
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-20 15:19:10.654
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-20 15:18:24.813
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-20 03:27:20.521
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-14 12:34:33.221
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-14 12:29:21.822
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-10 18:04:49.455
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-10 15:39:28.766
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-10 15:01:44.965
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-10 13:46:46.118
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
    Percentage of memory in use: 45%
    Total physical RAM: 8067.36 MB
    Available physical RAM: 4372.45 MB
    Total Pagefile: 16132.89 MB
    Available Pagefile: 9524.4 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:678.79 GB) (Free:41.59 GB) NTFS
    Drive d: (Fable Disk 1) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 1EACCD23)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=19.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=678.8 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Uninstall the following unwanted programs:

    Coupoon version 1.0
    DownloadTerms
    sursenel


    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64), press the Fix button just once, and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

  8. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    Not sure what's happening, but when I try to open Control Panel, it gives me the following error:
    ::{26EE0668-A00A-44D7-9371-BEB064C98683}
    system call failed.
    Never seen this one before.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Remind me of that error when we're done with the cleaning process.
     
  10. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    But how am I supposed to uninstall those programs if I can't open the Control Panel?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Leave those alone for now.
    Go ahead with the other step.
     
  12. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    Restarted my laptop before I saw your message, but Control Panel works now and I uninstalled those programs. Here is the FixLog:


    Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
    Ran by Akshay at 2015-06-05 18:41:11 Run:1
    Running from C:\Users\Akshay\Desktop
    Loaded Profiles: Akshay (Available Profiles: Akshay)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [krmpib] => "C:\Windows\System32\rundll32.exe" "C:\Users\Akshay\AppData\Roaming\krmpib.dll",List_Append <===== ATTENTION
    C:\Users\Akshay\AppData\Roaming\krmpib.dll
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\MountPoints2: {3423850d-95f2-11e4-ae08-685d43f2a0f7} - E:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\MountPoints2: {6a96cd9c-de1c-11e1-be67-806e6f6e6963} - D:\autorun.exe
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\MountPoints2: {9242d172-f277-11e4-8680-806e6f6e6963} - D:\autorun.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyServer: [S-1-5-21-2090909380-4087199382-2303749201-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
    RemoveProxy:
    SearchScopes: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> {BCDA109D-38D2-4DA3-84F5-43A348A94C54} URL =
    BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
    BHO-x32: No Name -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> No File
    Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
    Toolbar: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
    Winsock: Catalog5 01 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File not found ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 05 mswsock.dll File Not ' & $found1 & ' ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Hosts:
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    CHR HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oleomanaehojaiigacblenknbkhfdicd] - C:\Users\Akshay\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [oleomanaehojaiigacblenknbkhfdicd] - C:\Users\Akshay\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [pdelhcfcejepbjakfabeapgdnkpilnik] - C:\Users\Akshay\AppData\LocalLow\Playbryte\Chrome.crx [Not Found]
    S2 fa6789c5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv
    c:\Program Files (x86)\VideoCnv
    S1 aqtnffop; \??\C:\Windows\system32\drivers\aqtnffop.sys [X]
    S3 btmaudio; system32\drivers\btmaud.sys [X]
    S1 chkthdxn; \??\C:\Windows\system32\drivers\chkthdxn.sys [X]
    S1 dbtbsvbo; \??\C:\Windows\system32\drivers\dbtbsvbo.sys [X]
    S1 fcqywial; \??\C:\Windows\system32\drivers\fcqywial.sys [X]
    S1 forkbcii; \??\C:\Windows\system32\drivers\forkbcii.sys [X]
    S1 fszikxaw; \??\C:\Windows\system32\drivers\fszikxaw.sys [X]
    S1 hywfauij; \??\C:\Windows\system32\drivers\hywfauij.sys [X]
    S1 ihtaguig; \??\C:\Windows\system32\drivers\ihtaguig.sys [X]
    S2 IOPort; \??\C:\Windows\system32\drivers\ioport.sys [X]
    S3 iscFlash; \??\C:\Users\Akshay\AppData\Local\Temp\7zS9B0A.tmp\iscflashx64.sys [X]
    S1 jlkchmtu; \??\C:\Windows\system32\drivers\jlkchmtu.sys [X]
    S1 ksbgamje; \??\C:\Windows\system32\drivers\ksbgamje.sys [X]
    S1 ksvlpruc; \??\C:\Windows\system32\drivers\ksvlpruc.sys [X]
    S1 lmbvbocc; \??\C:\Windows\system32\drivers\lmbvbocc.sys [X]
    S1 lqcnsrvv; \??\C:\Windows\system32\drivers\lqcnsrvv.sys [X]
    S1 lwvlbayh; \??\C:\Windows\system32\drivers\lwvlbayh.sys [X]
    S1 mbgmwtri; \??\C:\Windows\system32\drivers\mbgmwtri.sys [X]
    S2 MemPort; \??\C:\Windows\system32\drivers\memport.sys [X]
    S1 pfmpzctj; \??\C:\Windows\system32\drivers\pfmpzctj.sys [X]
    S1 rdmjzans; \??\C:\Windows\system32\drivers\rdmjzans.sys [X]
    S1 usywefga; \??\C:\Windows\system32\drivers\usywefga.sys [X]
    S1 wmcttkhs; \??\C:\Windows\system32\drivers\wmcttkhs.sys [X]
    2015-06-03 10:42 - 2015-06-03 10:42 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\qsistwrb
    2015-06-02 23:05 - 2015-06-02 23:05 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\jzeslyss
    2015-06-01 18:10 - 2015-06-01 18:10 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\cucqngon
    2015-05-28 05:41 - 2015-05-28 05:41 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\hsivjymo
    2015-05-26 09:20 - 2015-05-26 09:20 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\qlmwehsc
    2015-05-26 08:26 - 2015-05-26 08:26 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\pnbpyjpr
    2015-05-26 08:01 - 2015-05-26 08:01 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\rpjqnoov
    2015-05-26 07:06 - 2015-05-26 07:06 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\hvunxjoa
    2015-05-25 09:42 - 2015-05-25 09:42 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\fyvdgtnj
    2015-05-24 01:44 - 2015-05-24 01:44 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\utkcckzw
    2015-05-22 17:15 - 2015-05-22 17:15 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\wlxlqyco
    2015-05-22 12:43 - 2015-05-22 12:43 - 00000000 ____D C:\ProgramData\pjnbeogopnccpeondfacbifllgjgfocp
    2013-03-22 04:40 - 2013-03-22 04:40 - 0000240 _____ () C:\Users\Akshay\AppData\Roaming\RuneDream.db
    2012-09-02 01:03 - 2014-12-21 03:28 - 0006144 _____ () C:\Users\Akshay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-04-22 15:58 - 2013-04-22 16:00 - 1065984 _____ () C:\Users\Akshay\AppData\Local\file__0.localstorage
    2012-11-25 19:46 - 2012-11-25 19:46 - 0000094 _____ () C:\Users\Akshay\AppData\Local\fusioncache.dat
    2012-09-20 16:38 - 2014-04-25 21:13 - 0000600 _____ () C:\Users\Akshay\AppData\Local\PUTTY.RND
    2013-10-04 03:23 - 2015-06-04 05:22 - 0007621 _____ () C:\Users\Akshay\AppData\Local\resmon.resmoncfg
    2015-05-04 09:22 - 2015-05-04 09:22 - 0000437 _____ () C:\Users\Akshay\AppData\Local\WiDiLog.20150504.092214.txt
    2015-05-04 09:18 - 2015-05-04 09:22 - 0059583 _____ () C:\Users\Akshay\AppData\Local\WiDiSetupLog.20150504.091838.txt
    2015-05-22 17:18 - 2015-06-03 23:35 - 0000112 _____ () C:\ProgramData\hf6Arut.dat
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\@
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\00000004.@
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\201d3dde
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\4cce1f70
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\6715e287
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\76603ac3
    C:\Users\Akshay\decim_runescape_preferences.dat
    C:\Users\Akshay\decim_runescape_preferences2.dat
    C:\Users\Akshay\matrix_cl_matrix_LIVE.dat
    C:\Users\Akshay\matrix_cl_matrix_LIVE1.dat
    C:\Users\Akshay\rn_cl_runenova_LIVE.dat
    C:\ProgramData\hf6Arut.dat
    C:\Users\Akshay\AppData\Local\Temp\Skin.dll
    C:\Users\Akshay\AppData\Local\Temp\south.park.season.4.s04.complete.1080p.x265.hevc.aac.2.0.joy.utr__10924_i1521270748_il1222234.exe
    C:\Users\Akshay\AppData\Local\Temp\SRLDetectionLibrary4403055876962157002.dll
    C:\Users\Akshay\AppData\Local\Temp\SRLDetectionLibrary7292949749817095708.dll
    C:\Users\Akshay\AppData\Local\Temp\SRLDetectionLibrary9203538910514754477.dll
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Akshay\AppData\Roaming\sursenel\ticyver.dll () <==== ATTENTION
    C:\Users\Akshay\AppData\Roaming\sursenel\ticyver.dll
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    Task: {5F6E40AB-8FDE-4C48-A312-3D74B8EC5FD9} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-21] () <==== ATTENTION
    C:\Program Files (x86)\SoftwareUpdater
    S4 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-04-09] () [File not signed]
    Task: {82657AA8-4C61-4C5F-8C59-5240DD63D852} - \Oxy Updater No Task File <==== ATTENTION
    Task: {8F69A088-D4E3-4486-9E08-DCB800EA5C8C} - \Oxy No Task File <==== ATTENTION
    Task: {D9CFF865-CA70-449E-94C3-E192482A264F} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-21] () <==== ATTENTION
    AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}


    *****************

    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Windows\CurrentVersion\Run\\krmpib => value removed successfully
    "C:\Users\Akshay\AppData\Roaming\krmpib.dll" => File/Folder not found.
    "HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3423850d-95f2-11e4-ae08-685d43f2a0f7}" => key removed successfully
    HKCR\CLSID\{3423850d-95f2-11e4-ae08-685d43f2a0f7} => key not found.
    "HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a96cd9c-de1c-11e1-be67-806e6f6e6963}" => key removed successfully
    HKCR\CLSID\{6a96cd9c-de1c-11e1-be67-806e6f6e6963} => key not found.
    "HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9242d172-f277-11e4-8680-806e6f6e6963}" => key removed successfully
    HKCR\CLSID\{9242d172-f277-11e4-8680-806e6f6e6963} => key not found.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    "HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BCDA109D-38D2-4DA3-84F5-43A348A94C54}" => key removed successfully
    HKCR\CLSID\{BCDA109D-38D2-4DA3-84F5-43A348A94C54} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
    HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3} => value removed successfully
    HKCR\Wow6432Node\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3} => key not found.
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value removed successfully
    HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => key not found.
    "HKCR\PROTOCOLS\Filter\application/x-mfe-ipt" => key removed successfully
    HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found.
    Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    Hosts restored successfully.
    "HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
    "HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Google\Chrome\Extensions\oleomanaehojaiigacblenknbkhfdicd" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oleomanaehojaiigacblenknbkhfdicd" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pdelhcfcejepbjakfabeapgdnkpilnik" => key removed successfully
    fa6789c5 => Service removed successfully
    c:\Program Files (x86)\VideoCnv => moved successfully.
    aqtnffop => Service removed successfully
    btmaudio => Service removed successfully
    chkthdxn => Service removed successfully
    dbtbsvbo => Service removed successfully
    fcqywial => Service removed successfully
    forkbcii => Service removed successfully
    fszikxaw => Service removed successfully
    hywfauij => Service removed successfully
    ihtaguig => Service removed successfully
    IOPort => Service removed successfully
    iscFlash => Service removed successfully
    jlkchmtu => Service removed successfully
    ksbgamje => Service removed successfully
    ksvlpruc => Service removed successfully
    lmbvbocc => Service removed successfully
    lqcnsrvv => Service removed successfully
    lwvlbayh => Service removed successfully
    mbgmwtri => Service removed successfully
    MemPort => Service removed successfully
    pfmpzctj => Service removed successfully
    rdmjzans => Service removed successfully
    usywefga => Service removed successfully
    wmcttkhs => Service removed successfully
    C:\Users\Akshay\AppData\Roaming\qsistwrb => moved successfully.
    C:\Users\Akshay\AppData\Roaming\jzeslyss => moved successfully.
    C:\Users\Akshay\AppData\Roaming\cucqngon => moved successfully.
    C:\Users\Akshay\AppData\Roaming\hsivjymo => moved successfully.
    C:\Users\Akshay\AppData\Roaming\qlmwehsc => moved successfully.
    C:\Users\Akshay\AppData\Roaming\pnbpyjpr => moved successfully.
    C:\Users\Akshay\AppData\Roaming\rpjqnoov => moved successfully.
    C:\Users\Akshay\AppData\Roaming\hvunxjoa => moved successfully.
    C:\Users\Akshay\AppData\Roaming\fyvdgtnj => moved successfully.
    C:\Users\Akshay\AppData\Roaming\utkcckzw => moved successfully.
    C:\Users\Akshay\AppData\Roaming\wlxlqyco => moved successfully.
    C:\ProgramData\pjnbeogopnccpeondfacbifllgjgfocp => moved successfully.
    C:\Users\Akshay\AppData\Roaming\RuneDream.db => moved successfully.
    C:\Users\Akshay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
    C:\Users\Akshay\AppData\Local\file__0.localstorage => moved successfully.
    C:\Users\Akshay\AppData\Local\fusioncache.dat => moved successfully.
    C:\Users\Akshay\AppData\Local\PUTTY.RND => moved successfully.
    C:\Users\Akshay\AppData\Local\resmon.resmoncfg => moved successfully.
    C:\Users\Akshay\AppData\Local\WiDiLog.20150504.092214.txt => moved successfully.
    C:\Users\Akshay\AppData\Local\WiDiSetupLog.20150504.091838.txt => moved successfully.
    C:\ProgramData\hf6Arut.dat => moved successfully.
    C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced} => moved successfully.
    "C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\@" => File/Folder not found.
    "C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\00000004.@" => File/Folder not found.
    "C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\201d3dde" => File/Folder not found.
    "C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\4cce1f70" => File/Folder not found.
    "C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\6715e287" => File/Folder not found.
    "C:\Windows\Installer\{754f23bd-1781-7fb1-adb7-5a1512b1aced}\L\76603ac3" => File/Folder not found.
    C:\Users\Akshay\decim_runescape_preferences.dat => moved successfully.
    C:\Users\Akshay\decim_runescape_preferences2.dat => moved successfully.
    C:\Users\Akshay\matrix_cl_matrix_LIVE.dat => moved successfully.
    C:\Users\Akshay\matrix_cl_matrix_LIVE1.dat => moved successfully.
    C:\Users\Akshay\rn_cl_runenova_LIVE.dat => moved successfully.
    "C:\ProgramData\hf6Arut.dat" => File/Folder not found.
    C:\Users\Akshay\AppData\Local\Temp\Skin.dll => moved successfully.
    C:\Users\Akshay\AppData\Local\Temp\south.park.season.4.s04.complete.1080p.x265.hevc.aac.2.0.joy.utr__10924_i1521270748_il1222234.exe => moved successfully.
    C:\Users\Akshay\AppData\Local\Temp\SRLDetectionLibrary4403055876962157002.dll => moved successfully.
    C:\Users\Akshay\AppData\Local\Temp\SRLDetectionLibrary7292949749817095708.dll => moved successfully.
    C:\Users\Akshay\AppData\Local\Temp\SRLDetectionLibrary9203538910514754477.dll => moved successfully.
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} => key not found.
    "C:\Users\Akshay\AppData\Roaming\sursenel\ticyver.dll" => File/Folder not found.
    "HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
    "HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F6E40AB-8FDE-4C48-A312-3D74B8EC5FD9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F6E40AB-8FDE-4C48-A312-3D74B8EC5FD9}" => key removed successfully
    C:\Windows\System32\Tasks\Software Updater => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater" => key removed successfully
    C:\Program Files (x86)\SoftwareUpdater => moved successfully.
    SystemStoreService => Service removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82657AA8-4C61-4C5F-8C59-5240DD63D852}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82657AA8-4C61-4C5F-8C59-5240DD63D852}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy Updater" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F69A088-D4E3-4486-9E08-DCB800EA5C8C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F69A088-D4E3-4486-9E08-DCB800EA5C8C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9CFF865-CA70-449E-94C3-E192482A264F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9CFF865-CA70-449E-94C3-E192482A264F}" => key removed successfully
    C:\Windows\System32\Tasks\Software Updater Ui => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Updater Ui" => key removed successfully
    C:\Windows => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully.

    ==== End of Fixlog 18:41:14 ====
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed, scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  14. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    RogueKiller V10.8.1.0 [Jun 3 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Akshay [Administrator]
    Started from : C:\Users\Akshay\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 06/06/2015 00:18:23

    ¤¤¤ Processes : 5 ¤¤¤
    [VT.PUP.Optional.Coupoon.A] UpdateCheck.exe(6468) -- C:\Program Files (x86)\Coupoon\UpdateCheck.exe[7] VT(16) -> Killed [TermProc]
    [Proc.Injected] sndvol.exe(11040) -- C:\Windows\SysWOW64\config\systemprofile\sndvol.exe[7] -> Killed [TermProc]
    [Proc.Injected|VT.PUP.Optional.Coupoon.A] UpdateCheck.exe(12256) -- C:\Program Files (x86)\Coupoon\UpdateCheck.exe[7] VT(16) -> Killed [TermProc]
    [Proc.Injected] iexplore.exe(10636) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
    [Proc.Injected] iexplore.exe(11316) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7] -> Killed [TermProc]

    ¤¤¤ Registry : 8 ¤¤¤
    [PUP|VT.PUP.Optional.Coupoon.A] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CoupoonService64 (C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe) -> Deleted
    [PUP|VT.PUP.Optional.AdPeak.A] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Deleted
    [PUP|VT.PUP.Optional.Coupoon.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CoupoonService64 (C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe) -> Deleted
    [PUP|VT.PUP.Optional.AdPeak.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Deleted
    [PUP|VT.PUP.Optional.Coupoon.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CoupoonService64 (C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe) -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iscFlash (\??\C:\Users\Akshay\AppData\Local\Temp\7zS9B0A.tmp\iscflashx64.sys) -> Not selected
    [PUP|VT.PUP.Optional.AdPeak.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\netfilter64 (system32\drivers\netfilter64.sys) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SystemStoreService ("C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe" -displayname "System Store" -servicename "SystemStoreService") -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\RunAsStdUser Task -- "C:\Users\Akshay\AppData\Local\vidshakeSA\bin\1.0.8.0\VidShakeSA.exe" -> Not selected

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD7500BPKT-75PK4 SCSI Disk Device +++++
    --- User ---
    [MBR] bac6bd7ac1a0036c4d20b0c9ee5aac93
    [BSP] 1b206fb0a9e673dc8fb207929ba31153 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 20286 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 41627648 | Size: 695077 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_06062015_001738.log
     
  15. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/6/2015
    Scan Time: 12:21:08 AM
    Logfile: MbamScan.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.06.05.06
    Rootkit Database: v2015.06.02.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Akshay

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 396454
    Time Elapsed: 1 hr, 8 min, 43 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 3
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\UpdateCheck.exe, 13004, Delete-on-Reboot, [27f3dbdcc0ca4ceac056433057aff30d]
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\UpdateCheck.exe, 10336, Delete-on-Reboot, [27f3dbdcc0ca4ceac056433057aff30d]
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\UpdateCheck.exe, 8820, Delete-on-Reboot, [27f3dbdcc0ca4ceac056433057aff30d]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 7
    PUP.Optional.Coupoon.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UpdateCheck, Quarantined, [27f3dbdcc0ca4ceac056433057aff30d],
    PUP.Optional.Priceless, HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [fb1f5364d2b83105766881f1f40e43bd],
    PUP.Optional.Priceless, HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [fb1f5364d2b83105766881f1f40e43bd],
    PUP.Optional.Coupoon.A, HKLM\SOFTWARE\coupoon, Quarantined, [20fac7f0bcceeb4bfbd72a505baae41c],
    PUP.Optional.Coupoon.A, HKLM\SOFTWARE\WOW6432NODE\coupoon, Quarantined, [0b0f30870b7f31058c463842996cbf41],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211141126}, Quarantined, [7e9cf2c5cbbfc76f5d439be583829e62],
    PUP.Optional.Coupoon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\coupoon, Quarantined, [f7237740d9b18ea8963a67137c89c13f],

    Registry Values: 2
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211141126}|AppName, Savings Addon-bg.exe, Quarantined, [7e9cf2c5cbbfc76f5d439be583829e62]
    PUP.Optional.Coupoon.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UPDATECHECK|ImagePath, C:\Program Files (x86)\Coupoon\UpdateCheck.exe run , Quarantined, [a476eacd781249edad1dbec1000501ff]

    Registry Data: 0
    (No malicious items detected)

    Folders: 9
    PUP.Optional.SweetIM.C, C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}, Quarantined, [d149d6e10684330348694da024df0bf5],
    PUP.Optional.SweetPacks.A, C:\Users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default\SweetPacksToolbarData, Quarantined, [4fcbe9ce9bef0036c25039a3669da45c],
    PUP.Optional.SweetPacks.A, C:\Users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default\SweetPacksToolbarData\logs, Quarantined, [4fcbe9ce9bef0036c25039a3669da45c],
    PUP.Optional.Coupoon.A, C:\Program Files\Coupoon, Quarantined, [49d1c9eec3c7ec4a33a601e2e2211ee2],
    PUP.Optional.Coupoon.A, C:\Program Files\Coupoon\SSL, Quarantined, [49d1c9eec3c7ec4a33a601e2e2211ee2],
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon, Delete-on-Reboot, [0f0bb00784069d993e9b9053966d8d73],
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\locales, Quarantined, [0f0bb00784069d993e9b9053966d8d73],
    PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [97830fa8345671c5a6cf95516f941de3],
    PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G, Quarantined, [97830fa8345671c5a6cf95516f941de3],

    Files: 29
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\UpdateCheck.exe, Delete-on-Reboot, [27f3dbdcc0ca4ceac056433057aff30d],
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\iiwjljrnpc64.exe, Quarantined, [87937d3ad1b9a096948290e3df27ec14],
    PUP.Optional.AdPeak.A, C:\Windows\System32\drivers\netfilter64.sys, Quarantined, [d04a0aad5c2e1a1c3361cca79076936d],
    PUP.Optional.PastaLeads.A, C:\Users\Akshay\AppData\Local\Temp\awh46B3.tmp, Quarantined, [45d53a7d49413600be4e5c159a6cf60a],
    PUP.Optional.ComNotifications.A, C:\Users\Akshay\AppData\Local\Temp\awh46B5.tmp, Quarantined, [20fa8b2cd6b4d1652f2ee1907e88817f],
    PUP.Optional.WebBar.A, C:\Users\Akshay\AppData\Local\Temp\awh4772.tmp, Quarantined, [8a9071469cee93a3dad34bf7de247c84],
    PUP.Optional.IdleCrawler, C:\Users\Akshay\AppData\Local\Temp\awh4A52.tmp, Quarantined, [cd4d3b7c13776accd71a333420e24ab6],
    PUP.Optional.Eorezo, C:\Users\Akshay\AppData\Local\Temp\awh53A8.tmp, Quarantined, [b664a5124d3d90a62cf03726a75b916f],
    PUP.Optional.Priceless, C:\Users\Akshay\AppData\Local\Temp\aEA4\temp\Priceless.exe, Quarantined, [fb1f5364d2b83105766881f1f40e43bd],
    Trojan.Cliker, C:\Users\Akshay\Downloads\Skyrim Keygen.rar, Quarantined, [2eec962197f338fe8499d64531d512ee],
    PUP.Optional.InstallCore, C:\Users\Akshay\Downloads\Unconfirmed 790986.crdownload, Quarantined, [0d0dc7f0f8920d2972c1de7018ea41bf],
    PUP.Optional.Amonetize, C:\Users\Akshay\Downloads\south.park.season.4.s04.complete.1080p.x265.hevc.aac.2.0.joy.utr_10924_i10854233_il345.exe, Quarantined, [081287304743ee485226ca71fc066f91],
    PUP.Optional.AudioAds.A, C:\Users\Akshay\AppData\Roaming\adwpqscu\encecal.dll, Quarantined, [79a1efc83f4b75c1f2f581654ab9d42c],
    PUP.Optional.AudioAds.A, C:\Users\Akshay\AppData\Roaming\jensgqtf\encecal.dll, Delete-on-Reboot, [b46620974e3ce84e8661885e9b68fa06],
    PUP.Optional.AudioAds.A, C:\Users\Akshay\AppData\Roaming\xvolvopm\encecal.dll, Quarantined, [55c5f0c784069b9b7671697df310f10f],
    PUP.Optional.AudioAds.A, C:\Users\Akshay\AppData\Roaming\adwpqscu\ticyver.dll, Quarantined, [2feb4c6b850593a3975312d49c6727d9],
    PUP.Optional.AudioAds.A, C:\Users\Akshay\AppData\Roaming\jensgqtf\ticyver.dll, Quarantined, [5cbe4077434773c3a24831b5e32031cf],
    PUP.Optional.AudioAds.A, C:\Users\Akshay\AppData\Roaming\xvolvopm\ticyver.dll, Quarantined, [f426caed9eec7cba5298c91d48bb19e7],
    PUP.Optional.SndVol.A, C:\Windows\SysWOW64\config\systemprofile\sndvol.exe, Quarantined, [f723744322688babb27bc52241c2a55b],
    PUP.Optional.SweetIM.C, C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx, Quarantined, [d149d6e10684330348694da024df0bf5],
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\64.ico, Quarantined, [0f0bb00784069d993e9b9053966d8d73],
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\libeay32.dll, Quarantined, [0f0bb00784069d993e9b9053966d8d73],
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\nfapi.dll, Quarantined, [0f0bb00784069d993e9b9053966d8d73],
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\nfregdrv.exe, Quarantined, [0f0bb00784069d993e9b9053966d8d73],
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\ProtocolFilters.dll, Quarantined, [0f0bb00784069d993e9b9053966d8d73],
    PUP.Optional.Coupoon.A, C:\Program Files (x86)\Coupoon\ssleay32.dll, Quarantined, [0f0bb00784069d993e9b9053966d8d73],
    PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z, Quarantined, [97830fa8345671c5a6cf95516f941de3],
    PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll, Quarantined, [97830fa8345671c5a6cf95516f941de3],
    PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub\W3IV6-G\Setup.ini, Quarantined, [97830fa8345671c5a6cf95516f941de3],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  16. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    # AdwCleaner v4.206 - Logfile created 06/06/2015 at 02:04:15
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-05.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Akshay - AKSHAY-PC
    # Running from : C:\Users\Akshay\Desktop\adwcleaner_4.206.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\BasicServe
    Folder Deleted : C:\ProgramData\Fighters
    Folder Deleted : C:\ProgramData\Winferno
    Folder Deleted : C:\ProgramData\5638552006230216887
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
    Folder Deleted : C:\Users\Public\Documents\tencent
    Folder Deleted : C:\Program Files (x86)\BasicServe
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\eSupport.com
    Folder Deleted : C:\Program Files (x86)\MyPCBU
    Folder Deleted : C:\Program Files (x86)\app_setup
    Folder Deleted : C:\Program Files (x86)\tencent
    Folder Deleted : C:\Program Files (x86)\Common Files\tencent
    Folder Deleted : C:\Users\Akshay\AppData\Local\Conduit
    Folder Deleted : C:\Users\Akshay\AppData\Local\DownloadTerms
    Folder Deleted : C:\Users\Akshay\AppData\Local\eSupport.com
    Folder Deleted : C:\Users\Akshay\AppData\Local\Software_Updater
    Folder Deleted : C:\Users\Akshay\AppData\Local\SoftwareUpdater
    Folder Deleted : C:\Users\Akshay\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Akshay\AppData\Roaming\Oxy
    Folder Deleted : C:\Users\Akshay\AppData\Roaming\tencent
    Folder Deleted : C:\Users\Akshay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
    [!] Folder Deleted : C:\Users\Akshay\Desktop\hosts
    File Deleted : C:\END
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\Akshay\Desktop\Find Drivers with DriverAgent.lnk
    File Deleted : C:\Users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default\invalidprefs.js
    File Deleted : C:\Users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default\user.js

    ***** [ Scheduled tasks ] *****

    Task Deleted : RunAsStdUser Task
    Task Deleted : amiupdaterExd
    Task Deleted : amiupdaterExi

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\d
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
    Key Deleted : HKCU\Software\f5788dfb73ae515
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKCU\Software\Escolade
    Key Deleted : HKCU\Software\eSupport.com
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\Winferno
    Key Deleted : HKCU\Software\sidecom
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Delta
    Key Deleted : HKLM\SOFTWARE\InfoAtoms
    Key Deleted : HKLM\SOFTWARE\Playbryte
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverAgent_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\playsushi.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.fr
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\timesheraldonline.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.fr
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.yourtango.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yourtango.com

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)

    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\[...]
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://home.sweetim.com/?src=97&barid=$toolbar_id;&crg=$cargo;");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://tbsrv1.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://www.sweetim.com/uninstallbar.asp?barid=$toolbar_id;");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.sweetim.com/help_contact.asp");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://www.sweetim.com");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.sweetim.com/eula.html#privacy");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://search.sweetim.com/search.asp?barid=$toolbar_id;");
    [j0nrwl47.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/");

    -\\ Google Chrome v43.0.2357.81

    [C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=119776&tt=gc_&babsrc=SP_ss&mntrId=DAF600FFFA134F11
    [C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&affID=119776&tt=gc_&babsrc=SP_ss&mntrId=DAF600FFFA134F11
    [C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Chromium v


    *************************

    AdwCleaner[R0].txt - [9457 bytes] - [06/06/2015 01:51:47]
    AdwCleaner[S0].txt - [9458 bytes] - [06/06/2015 02:04:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9517 bytes] ##########
     
  17. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.8.8 (06.03.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Akshay on Sat 06/06/2015 at 2:14:00.87
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A8AAF008C3666D54563FD635A6C1F11A
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211141126}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211141126}



    ~~~ Files

    Failed to delete: [File] C:\Users\Akshay\AppData\Roaming\lijzxatq\encecal.dll [Adware.Hicosmea]
    Successfully deleted: [File] C:\Users\Akshay\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage
    Successfully deleted: [File] C:\Users\Akshay\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal
    Successfully deleted: [File] C:\Users\Akshay\AppData\Roaming\lkmagdnf\encecal.dll [Adware.Hicosmea]



    ~~~ Folders

    Failed to delete: [Folder] C:\Users\Akshay\AppData\Roaming\lijzxatq [Adware.Hicosmea]
    Successfully deleted: [Folder] C:\ProgramData\abc
    Successfully deleted: [Folder] C:\ProgramData\esellerate
    Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
    Successfully deleted: [Folder] C:\Users\Akshay\AppData\Roaming\lkmagdnf [Adware.Hicosmea]



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net
    Successfully deleted: [Folder] C:\Users\Akshay\AppData\Roaming\mozilla\firefox\profiles\j0nrwl47.default\extensions\staged
    Successfully deleted the following from C:\Users\Akshay\AppData\Roaming\mozilla\firefox\profiles\j0nrwl47.default\prefs.js

    user_pref(CT3288627_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1367758773952,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
    user_pref(extensions.delta.admin, false);
    user_pref(extensions.delta.aflt, babsst);
    user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
    user_pref(extensions.delta.autoRvrt, false);
    user_pref(extensions.delta.dfltLng, en);
    user_pref(extensions.delta.excTlbr, false);
    user_pref(extensions.delta.ffxUnstlRst, true);
    user_pref(extensions.delta.id, daf6369d00000000000000fffa134f11);
    user_pref(extensions.delta.instlDay, 15828);
    user_pref(extensions.delta.instlRef, sst);
    user_pref(extensions.delta.newTab, false);
    user_pref(extensions.delta.prdct, delta);
    user_pref(extensions.delta.prtnrId, delta);
    user_pref(extensions.delta.rvrt, false);
    user_pref(extensions.delta.smplGrp, none);
    user_pref(extensions.delta.tlbrId, base);
    user_pref(extensions.delta.tlbrSrchUrl, );
    user_pref(extensions.delta.vrsn, 1.8.16.16);
    user_pref(extensions.delta.vrsnTs, 1.8.16.164:06:29);
    user_pref(extensions.delta.vrsni, 1.8.16.16);
    user_pref(sweetim.toolbar.RevertDialog.enable, false);
    user_pref(sweetim.toolbar.SearchBoxLogo, );
    user_pref(sweetim.toolbar.SearchBoxText, );
    user_pref(sweetim.toolbar.UserSelectedSaveSettings, true);
    user_pref(sweetim.toolbar.Visibility.VisibilityGuardLastUnHide, 0);
    user_pref(sweetim.toolbar.Visibility.enable, true);
    user_pref(sweetim.toolbar.Visibility.intervaldays, 7);
    user_pref(sweetim.toolbar.cda.DisableOveride.enable, true);
    user_pref(sweetim.toolbar.cda.HideOveride.enable, true);
    user_pref(sweetim.toolbar.cda.RemoveOveride.enable, true);
    user_pref(sweetim.toolbar.defaultProvider, );
    user_pref(sweetim.toolbar.dialogs.0.enable, true);
    user_pref(sweetim.toolbar.dialogs.0.handler, chrome://sim_toolbar_package/content/optionsdialog-handler.js);
    user_pref(sweetim.toolbar.dialogs.0.height, 335);
    user_pref(sweetim.toolbar.dialogs.0.id, id_options_dialog);
    user_pref(sweetim.toolbar.dialogs.0.title, $string.config.label;);
    user_pref(sweetim.toolbar.dialogs.0.width, 761);
    user_pref(sweetim.toolbar.dialogs.1.enable, true);
    user_pref(sweetim.toolbar.dialogs.1.handler, chrome://sim_toolbar_package/content/exampledialog-handler.js);
    user_pref(sweetim.toolbar.dialogs.1.height, 300);
    user_pref(sweetim.toolbar.dialogs.1.id, id_example_dialog);
    user_pref(sweetim.toolbar.dialogs.1.title, Example (unit-test) dialog);
    user_pref(sweetim.toolbar.dialogs.1.url, chrome://sim_toolbar_package/content/exampledialog.html);
    user_pref(sweetim.toolbar.dialogs.1.width, 500);
    user_pref(sweetim.toolbar.dialogs.2.enable, true);
    user_pref(sweetim.toolbar.dialogs.2.handler, chrome://sim_toolbar_package/content/cdadialog-handler.js);
    user_pref(sweetim.toolbar.dialogs.2.height, 150);
    user_pref(sweetim.toolbar.dialogs.2.id, id_dialog_hide_disable_remove);
    user_pref(sweetim.toolbar.dialogs.2.title, Option Dialog);
    user_pref(sweetim.toolbar.dialogs.2.width, 530);
    user_pref(sweetim.toolbar.highlight.colors, #FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0);
    user_pref(sweetim.toolbar.keywordUrlGuard.enable, false);
    user_pref(sweetim.toolbar.logger.ConsoleHandler.MinReportLevel, 7);
    user_pref(sweetim.toolbar.logger.FileHandler.FileName, ff-toolbar.log);
    user_pref(sweetim.toolbar.logger.FileHandler.MaxFileSize, 200000);
    user_pref(sweetim.toolbar.logger.FileHandler.MinReportLevel, 7);
    user_pref(sweetim.toolbar.mode.debug, false);
    user_pref(sweetim.toolbar.newtab.created, true);
    user_pref(sweetim.toolbar.newtab.enable, true);
    user_pref(sweetim.toolbar.previous.browser.newtab.url, about:newtab);
    user_pref(sweetim.toolbar.previous.keyword.URL, );
    user_pref(sweetim.toolbar.scripts.0.addcontextdiv, true);
    user_pref(sweetim.toolbar.scripts.0.callback, simVerification);
    user_pref(sweetim.toolbar.scripts.0.domain-blacklist, );
    user_pref(sweetim.toolbar.scripts.0.domain-whitelist, hxxp://(www.|apps.)?facebook\\.com.*);
    user_pref(sweetim.toolbar.scripts.0.elementid, id_script_sim_fb);
    user_pref(sweetim.toolbar.scripts.0.enable, false);
    user_pref(sweetim.toolbar.scripts.0.id, id_script_fb);
    user_pref(sweetim.toolbar.scripts.1.addcontextdiv, true);
    user_pref(sweetim.toolbar.scripts.1.callback, simVerification);
    user_pref(sweetim.toolbar.scripts.1.domain-blacklist, );
    user_pref(sweetim.toolbar.scripts.1.domain-whitelist, hxxps://(www.|apps.)?facebook\\.com.*);
    user_pref(sweetim.toolbar.scripts.1.elementid, id_script_sim_fb);
    user_pref(sweetim.toolbar.scripts.1.enable, false);
    user_pref(sweetim.toolbar.scripts.1.id, id_script_fb_hxxpS);
    user_pref(sweetim.toolbar.scripts.2.addcontextdiv, false);
    user_pref(sweetim.toolbar.scripts.2.callback, );
    user_pref(sweetim.toolbar.scripts.2.domain-whitelist, );
    user_pref(sweetim.toolbar.scripts.2.elementid, id_predict_include_script);
    user_pref(sweetim.toolbar.scripts.2.enable, false);
    user_pref(sweetim.toolbar.scripts.2.id, id_script_prad);
    user_pref(sweetim.toolbar.scripts.2.url, hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1);
    user_pref(sweetim.toolbar.search.external, <?xml version=\1.0\?><TOOLBAR><EXTERNAL_SEARCH engine=\hxxp://*google.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://sear
    user_pref(sweetim.toolbar.search.history.capacity, 10);
    user_pref(sweetim.toolbar.searchguard.enable, false);
    user_pref(sweetim.toolbar.searchguard.initialized_by_rc, true);
    user_pref(sweetim.toolbar.simapp_id, {1FC35BB4-950E-11E2-93F8-685D43F2A0F7});
    user_pref(sweetim.toolbar.version, 1.12.0.0);
    Emptied folder: C:\Users\Akshay\AppData\Roaming\mozilla\firefox\profiles\j0nrwl47.default\minidumps [11 files]



    ~~~ Chrome


    [C:\Users\Akshay\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Akshay\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Akshay\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Akshay\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    [
    eooncjejnppfjjklapaamhcdmjbilmde,
    niapdbllcanepiiimjjndipklodoedlc,
    ogccgbmabaphcakpiclgcnmcnimhokcj,
    oleomanaehojaiigacblenknbkhfdicd
    ]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 06/06/2015 at 2:17:58.83
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  19. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    ComboFix 15-05-31.01 - Akshay 06/06/2015 12:46:09.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8067.6333 [GMT -4:00]
    Running from: c:\users\Akshay\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\progra~2\COMMON~1\{F0A37~1
    c:\progra~2\COMMON~1\{F0A37~1\Setup.exe
    c:\program files (x86)\lol
    c:\program files (x86)\lol\League of legends\0x0409.ini
    c:\program files (x86)\lol\League of legends\data1.cab
    c:\program files (x86)\lol\League of legends\data1.hdr
    c:\program files (x86)\lol\League of legends\data2.cab
    c:\program files (x86)\lol\League of legends\ISSetup.dll
    c:\program files (x86)\lol\League of legends\layout.bin
    c:\program files (x86)\lol\League of legends\setup.exe
    c:\program files (x86)\lol\League of legends\setup.ini
    c:\program files (x86)\lol\League of legends\setup.inx
    c:\program files (x86)\lol\League of legends\setup.isn
    c:\programdata\Roaming
    c:\users\Public\sdelevURL.tmp
    c:\windows\msdownld.tmp
    c:\windows\SysWow64\config\systemprofile\user.exe
    c:\windows\SysWow64\html
    c:\windows\SysWow64\images
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-05-06 to 2015-06-06 )))))))))))))))))))))))))))))))
    .
    .
    2015-06-06 16:59 . 2015-06-06 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-06-06 16:43 . 2015-06-06 16:43 -------- d-----w- c:\users\Akshay\AppData\Roaming\ertlzygk
    2015-06-06 16:39 . 2015-06-06 16:39 -------- d-----w- c:\users\Akshay\AppData\Roaming\rmbdriyp
    2015-06-06 16:31 . 2015-06-06 16:31 -------- d-----w- c:\users\Akshay\AppData\Roaming\ifzvhgbc
    2015-06-06 08:19 . 2015-06-06 08:19 -------- d-----w- c:\users\Akshay\AppData\Roaming\dkfgmfmz
    2015-06-06 06:19 . 2015-06-06 06:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64E721A2-CCE1-4C4D-9305-CBE2FAC24465}\offreg.6072.dll
    2015-06-06 06:14 . 2015-06-06 06:14 -------- d-----w- C:\RegBackup
    2015-06-06 05:51 . 2015-06-06 06:04 -------- d-----w- C:\AdwCleaner
    2015-06-06 05:51 . 2015-06-06 06:15 -------- d-----w- c:\users\Akshay\AppData\Roaming\lijzxatq
    2015-06-06 05:38 . 2009-07-14 01:14 8192 ----a-w- c:\windows\SysWow64\config\systemprofile\systray.exe
    2015-06-06 03:08 . 2015-06-06 04:08 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-06-06 03:08 . 2015-06-06 03:09 -------- d-----w- c:\programdata\RogueKiller
    2015-06-05 22:36 . 2015-06-05 22:36 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
    2015-06-05 22:14 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64E721A2-CCE1-4C4D-9305-CBE2FAC24465}\mpengine.dll
    2015-06-05 17:25 . 2015-06-06 05:41 -------- d-----w- c:\users\Akshay\AppData\Roaming\jensgqtf
    2015-06-05 06:19 . 2015-06-06 05:38 -------- d-----w- c:\users\Akshay\AppData\Roaming\xvolvopm
    2015-06-05 00:54 . 2015-06-06 05:38 -------- d-----w- c:\users\Akshay\AppData\Roaming\adwpqscu
    2015-06-05 00:39 . 2015-06-05 22:41 -------- d-----w- C:\FRST
    2015-06-05 00:29 . 2015-06-05 00:29 -------- d-----w- c:\users\Akshay\AppData\Roaming\AVAST Software
    2015-06-05 00:26 . 2015-06-05 00:26 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2015-06-05 00:26 . 2015-06-05 00:26 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-06-05 00:26 . 2015-06-05 00:26 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-06-05 00:26 . 2015-06-05 00:26 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-06-05 00:26 . 2015-06-05 00:26 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-06-05 00:26 . 2015-06-05 00:26 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-06-05 00:26 . 2015-06-05 00:26 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-06-05 00:26 . 2015-06-05 00:25 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2015-06-05 00:26 . 2015-06-05 00:26 364472 ----a-w- c:\windows\system32\aswBoot.exe
    2015-06-05 00:25 . 2015-06-05 00:25 43112 ----a-w- c:\windows\avastSS.scr
    2015-06-05 00:25 . 2015-06-05 00:25 -------- d-----w- c:\program files\AVAST Software
    2015-06-05 00:24 . 2015-06-05 00:24 -------- d-----w- c:\programdata\AVAST Software
    2015-06-03 04:27 . 2015-06-03 04:27 -------- d-----w- c:\program files (x86)\Dell Update
    2015-05-25 03:33 . 2015-06-01 22:39 -------- d-----w- c:\program files (x86)\Heroes of the Storm
    2015-05-25 03:25 . 2015-05-25 03:25 -------- d-----w- c:\users\Akshay\AppData\Local\Blizzard Entertainment
    2015-05-25 03:25 . 2015-06-01 23:09 -------- d-----w- c:\users\Akshay\AppData\Local\Battle.net
    2015-05-25 03:25 . 2015-05-25 03:32 -------- d-----w- c:\users\Akshay\AppData\Roaming\Battle.net
    2015-05-25 03:25 . 2015-06-01 22:35 -------- d-----w- c:\program files (x86)\Battle.net
    2015-05-25 03:25 . 2015-05-25 04:13 -------- d-----w- c:\programdata\Blizzard Entertainment
    2015-05-25 03:22 . 2015-05-25 03:22 -------- d-----w- c:\programdata\Battle.net
    2015-05-25 01:24 . 2015-05-25 01:24 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2015-05-22 16:46 . 2015-05-22 16:46 -------- d-----w- c:\windows\SysWow64\config\systemprofile\locales
    2015-05-22 08:57 . 2015-05-22 23:15 -------- d-----w- c:\program files (x86)\Rockstar Games
    2015-05-22 08:56 . 2015-05-22 23:14 -------- d-----w- c:\program files\Rockstar Games
    2015-05-16 21:17 . 2015-05-16 21:17 -------- d-----w- c:\windows\CheckSur
    2015-05-12 17:51 . 2015-05-12 17:51 -------- d-----w- c:\program files\TipMediaPlayer
    2015-05-11 17:21 . 2015-05-11 17:21 -------- d-----w- c:\users\Akshay\AppData\Roaming\MK10
    2015-05-11 04:43 . 2015-05-11 17:45 -------- d-----w- c:\program files (x86)\Mortal Kombat X
    2015-05-09 00:32 . 2015-05-17 10:38 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2015-05-08 00:12 . 2015-05-08 00:12 -------- d-----w- C:\Spacekace
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-06 05:45 . 2015-04-18 15:43 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-05 00:36 . 2012-08-04 08:15 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-06-05 00:36 . 2012-08-04 08:15 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-05-04 16:03 . 2015-05-04 16:03 53248 ----a-w- c:\windows\SysWow64\memacc.dll
    2015-05-04 16:03 . 2015-05-04 16:03 33664 ----a-w- c:\windows\SysWow64\drivers\memacc.sys
    2015-05-04 16:03 . 2015-05-04 16:03 13880 ----a-w- c:\windows\SysWow64\drivers\zntport.sys
    2015-05-04 16:03 . 2015-05-04 16:03 116152 ----a-w- c:\windows\SysWow64\ntport.dll
    2015-04-23 18:17 . 2015-04-23 18:17 13824 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
    2015-04-22 01:53 . 2015-04-22 01:54 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2015-04-22 01:53 . 2015-04-22 01:53 0 ----a-w- c:\windows\system32\REND1E6.tmp
    2015-04-21 13:14 . 2015-04-21 13:14 0 ----a-w- c:\windows\system32\RENC0F6.tmp
    2015-04-18 22:55 . 2014-01-23 21:46 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-04-16 00:46 . 2015-04-15 23:47 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2015-04-14 13:37 . 2015-04-18 15:42 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-04-14 13:37 . 2015-04-18 15:42 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-04-14 13:37 . 2014-02-25 20:44 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-03 15:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll
    2010-08-03 15:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-01-04 09:47 220632 ----a-w- c:\users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-01-04 09:47 220632 ----a-w- c:\users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-01-04 09:47 220632 ----a-w- c:\users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2012-02-14 22:58 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\Akshay\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-06-01 2021944]
    "Spotify"="c:\users\Akshay\AppData\Roaming\Spotify\Spotify.exe" [2015-06-01 7323192]
    "uTorrent"="c:\users\Akshay\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-06 1694560]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-08 8202008]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
    "Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2015-04-30 3095840]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-21 291280]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-05 5515496]
    .
    c:\users\Akshay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MEMACC;MEMACC;c:\windows\system32\drivers\memacc.sys;c:\windows\SYSNATIVE\drivers\memacc.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x]
    R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
    R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    R4 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
    R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    R4 CAMService;CAM Service;c:\program files\Intel\CAM\bin\CAMService.exe;c:\program files\Intel\CAM\bin\CAMService.exe [x]
    R4 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
    R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    R4 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    R4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [x]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\system32\DRIVERS\rtcrfilt64.sys;c:\windows\SYSNATIVE\DRIVERS\rtcrfilt64.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 ETD;Dell Touchpad;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-05-25 23:01 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 00:36]
    .
    2015-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-09 00:45]
    .
    2015-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-09 00:45]
    .
    2015-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core.job
    - c:\users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-06 21:00]
    .
    2015-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA.job
    - c:\users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-06 21:00]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-01-04 09:47 244696 ----a-w- c:\users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-01-04 09:47 244696 ----a-w- c:\users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-01-04 09:47 244696 ----a-w- c:\users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-06-05 00:26 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2012-02-14 22:58 190992 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2012-02-21 1654400]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2014-11-19 4878752]
    "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-11-16 11585408]
    "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-31 36352]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/?trackid=sp-006
    mStart Page = https://www.google.com/?trackid=sp-006
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    mSearch Bar = https://www.google.com/?trackid=sp-006
    mDefault_Page_URL = hxxp://www.google.com
    IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: dell.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    FF - ProfilePath - c:\users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    AddRemove-PunkBusterSvc - c:\program files (x86)\STEAM\STEAMAPPS\COMMON\APB RELOADED\Binaries\pbsvc_apb.exe
    AddRemove-QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1 - c:\program files (x86)\Assassins Creed IV Black Flag\unins000.exe
    AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
    AddRemove-{173F2B02-2AAA-414F-A2D8-44870BB98F7A} - c:\program files (x86)\InstallShield Installation Information\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}\setup.exe
    AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
    AddRemove-{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88} - c:\program files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.17"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-06-06 13:06:11
    ComboFix-quarantined-files.txt 2015-06-06 17:06
    .
    Pre-Run: 46,017,089,536 bytes free
    Post-Run: 47,171,211,264 bytes free
    .
    - - End Of File - - FF2395F82E84F859B9CF2EDC476EE98D
    5C616939100B85E558DA92B899A0FC36
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  21. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
    Ran by Akshay (administrator) on AKSHAY-PC on 06-06-2015 20:29:31
    Running from C:\Users\Akshay\Desktop
    Loaded Profiles: Akshay (Available Profiles: Akshay)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel(R) Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Spotify Ltd) C:\Users\Akshay\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
    () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.246\deploy\LoLLauncher.exe
    () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.30\deploy\LoLPatcher.exe
    () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.147\deploy\LolClient.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2878728 2014-04-16] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
    HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
    HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4878752 2014-11-19] (Intel(R) Corporation)
    HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-04] (Avast Software s.r.o.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Spotify Web Helper] => C:\Users\Akshay\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-01] (Spotify Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Spotify] => C:\Users\Akshay\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-01] (Spotify Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [uTorrent] => C:\Users\Akshay\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2015-04-30] (Nota Inc.)
    Startup: C:\Users\Akshay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2015-05-04]
    ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-04] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    SearchScopes: HKLM -> {BCDA109D-38D2-4DA3-84F5-43A348A94C54} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {BCDA109D-38D2-4DA3-84F5-43A348A94C54} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-04] (Avast Software s.r.o.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
    BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-12-17] (Perfect World Entertainment Inc)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-04] (Avast Software s.r.o.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
    DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
    FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-12-17] (Perfect World Entertainment Inc)
    FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2090909380-4087199382-2303749201-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2090909380-4087199382-2303749201-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2090909380-4087199382-2303749201-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-08-24] ()
    FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-03-01]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-04]
    FF HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Firefox\Extensions: [{03DCCC24-08BE-11E2-8271-B8AC6F996F26}] - C:\Users\Akshay\AppData\Local\{03DCCC24-08BE-11E2-8271-B8AC6F996F26}
    FF Extension: Mozilla Safe Browsing - C:\Users\Akshay\AppData\Local\{03DCCC24-08BE-11E2-8271-B8AC6F996F26} [2012-09-27]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-13]
    CHR Extension: (Google Search) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-13]
    CHR Extension: (Google Cast (Beta)) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2015-05-26]
    CHR Extension: (Youtube to MP3 Converter - High Quality) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllepdkfbbinindpblacdckjaflfjdmj [2013-03-11]
    CHR Extension: (Avast Online Security) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-22]
    CHR Extension: (Reload All Tabs) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2013-10-10]
    CHR Extension: (Google Mail Checker) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-02-28]
    CHR Extension: (Google Wallet) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-22]
    CHR Extension: (Gmail) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-13]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-04]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-17] (Perfect World Entertainment Inc)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-04] (Avast Software s.r.o.)
    S4 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
    S4 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-05-18] (Conexant Systems, Inc.)
    S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
    S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
    S4 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [24064 2012-12-14] () [File not signed]
    S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-10] ()
    S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-04] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-04] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-04] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-04] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-04] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-04] ()
    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2014-11-18] ()
    R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
    R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [350096 2012-02-14] (EldoS Corporation)
    S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-04-23] (Phoenix Technologies) [File not signed]
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-23] (DT Soft Ltd)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-05-20] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
    S3 MEMACC; C:\Windows\SysWOW64\drivers\memacc.sys [33664 2015-05-04] (Zeal SoftStudio) [File not signed]
    R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2014-12-19] (Intel Corporation)
    R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
    S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
    S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-06] ()
    S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
    S3 zntport; C:\Windows\SysWOW64\drivers\zntport.sys [13880 2015-05-04] (Zeal SoftStudio)
    U3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-06 20:27 - 2015-06-06 20:28 - 00057255 _____ C:\Users\Akshay\Desktop\Addition.txt
    2015-06-06 13:06 - 2015-06-06 13:06 - 00035726 _____ C:\ComboFix.txt
    2015-06-06 12:43 - 2015-06-06 12:43 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\ertlzygk
    2015-06-06 12:43 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-06-06 12:43 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-06-06 12:43 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2015-06-06 12:40 - 2015-06-06 13:06 - 00000000 ____D C:\Qoobox
    2015-06-06 12:39 - 2015-06-06 13:03 - 00000000 ____D C:\Windows\erdnt
    2015-06-06 12:39 - 2015-06-06 12:39 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\rmbdriyp
    2015-06-06 12:31 - 2015-06-06 12:31 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\ifzvhgbc
    2015-06-06 12:23 - 2015-06-06 12:24 - 05628238 ____R (Swearware) C:\Users\Akshay\Downloads\ComboFix.exe
    2015-06-06 04:19 - 2015-06-06 04:19 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\dkfgmfmz
    2015-06-06 02:17 - 2015-06-06 02:17 - 00008727 _____ C:\Users\Akshay\Desktop\JRT.txt
    2015-06-06 02:14 - 2015-06-06 02:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-AKSHAY-PC-Windows-7-Home-Premium-(64-bit).dat
    2015-06-06 02:14 - 2015-06-06 02:14 - 00000000 ____D C:\RegBackup
    2015-06-06 01:51 - 2015-06-06 02:15 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\lijzxatq
    2015-06-06 01:51 - 2015-06-06 02:04 - 00000000 ____D C:\AdwCleaner
    2015-06-06 01:47 - 2015-06-06 01:47 - 00007748 _____ C:\Users\Akshay\Desktop\MbamScan.txt
    2015-06-05 23:08 - 2015-06-06 00:08 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-06-05 23:08 - 2015-06-05 23:09 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-05 22:56 - 2015-06-05 22:57 - 02942610 _____ (Thisisu) C:\Users\Akshay\Desktop\JRT.exe
    2015-06-05 22:56 - 2015-06-05 22:57 - 02231296 _____ C:\Users\Akshay\Desktop\adwcleaner_4.206.exe
    2015-06-05 22:53 - 2015-06-05 22:58 - 17637624 _____ C:\Users\Akshay\Desktop\RogueKiller.exe
    2015-06-05 22:24 - 2015-06-06 20:26 - 00007616 _____ C:\Users\Akshay\AppData\Local\Resmon.ResmonCfg
    2015-06-05 18:52 - 2015-06-06 01:39 - 00000112 _____ C:\ProgramData\hf6Arut.dat
    2015-06-05 18:36 - 2015-06-05 18:36 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
    2015-06-05 13:25 - 2015-06-06 01:41 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\jensgqtf
    2015-06-05 02:19 - 2015-06-06 01:38 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\xvolvopm
    2015-06-04 20:54 - 2015-06-06 01:38 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\adwpqscu
    2015-06-04 20:39 - 2015-06-06 20:29 - 00024033 _____ C:\Users\Akshay\Desktop\FRST.txt
    2015-06-04 20:39 - 2015-06-06 20:29 - 00000000 ____D C:\FRST
    2015-06-04 20:32 - 2015-06-04 20:32 - 00003212 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe
    2015-06-04 20:29 - 2015-06-04 20:29 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\AVAST Software
    2015-06-04 20:27 - 2015-06-04 20:27 - 00001884 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-06-04 20:27 - 2015-06-04 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-06-04 20:26 - 2015-06-04 20:26 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-06-04 20:26 - 2015-06-04 20:26 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-06-04 20:26 - 2015-06-04 20:25 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-06-04 20:25 - 2015-06-04 20:25 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-06-04 20:25 - 2015-06-04 20:25 - 00000000 ____D C:\Program Files\AVAST Software
    2015-06-04 20:24 - 2015-06-04 20:24 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-06-04 20:22 - 2015-06-04 20:22 - 02108928 _____ (Farbar) C:\Users\Akshay\Desktop\FRST64.exe
    2015-06-04 20:21 - 2015-06-04 20:24 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Akshay\Downloads\avast_free_antivirus_setup.exe
    2015-06-04 17:23 - 2015-06-04 17:32 - 00000000 ____D C:\Users\Akshay\Downloads\Workaholics - The Complete Season 3 [HDTV]
    2015-06-04 05:25 - 2015-06-04 05:25 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-04 05:21 - 2015-06-04 05:24 - 08436976 _____ (Auslogics Labs Pty Ltd ) C:\Users\Akshay\Downloads\fix-my-pc-setup.exe
    2015-06-03 00:27 - 2015-06-03 00:27 - 00000000 ____D C:\Program Files (x86)\Dell Update
    2015-05-28 13:50 - 2015-05-28 13:50 - 00000000 ____D C:\Users\Akshay\Downloads\South Park Season 5 DvDrip-McTav
    2015-05-25 00:12 - 2015-05-25 00:18 - 00000000 ____D C:\Users\Akshay\Documents\Heroes of the Storm
    2015-05-25 00:11 - 2015-05-25 00:11 - 00001195 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
    2015-05-25 00:11 - 2015-05-25 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
    2015-05-24 23:33 - 2015-06-01 18:39 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
    2015-05-24 23:25 - 2015-06-01 19:09 - 00000000 ____D C:\Users\Akshay\AppData\Local\Battle.net
    2015-05-24 23:25 - 2015-06-01 18:35 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2015-05-24 23:25 - 2015-05-25 00:13 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
    2015-05-24 23:25 - 2015-05-24 23:32 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Battle.net
    2015-05-24 23:25 - 2015-05-24 23:25 - 00001150 _____ C:\Users\Public\Desktop\Battle.net.lnk
    2015-05-24 23:25 - 2015-05-24 23:25 - 00000000 ____D C:\Users\Akshay\AppData\Local\Blizzard Entertainment
    2015-05-24 23:25 - 2015-05-24 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2015-05-24 23:22 - 2015-05-24 23:22 - 00000000 ____D C:\ProgramData\Battle.net
    2015-05-24 23:21 - 2015-05-24 23:21 - 03081784 _____ (Blizzard Entertainment) C:\Users\Akshay\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
    2015-05-24 21:24 - 2015-05-24 21:25 - 00291386 _____ C:\Windows\msxml4-KB954430-enu.LOG
    2015-05-24 21:24 - 2015-05-24 21:24 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2015-05-22 19:30 - 2015-05-22 19:40 - 02454886 _____ C:\Users\Akshay\Downloads\DLL_pack.zip
    2015-05-22 17:17 - 2015-05-22 17:17 - 00001107 _____ C:\Users\Akshay\Desktop\Launcher.exe - Shortcut.lnk
    2015-05-22 12:32 - 2015-05-22 12:34 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5.Fixed-3DM
    2015-05-22 12:27 - 2015-05-22 12:31 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.3(v1.0.335.2).and.Crack.v4-3DM
    2015-05-22 12:05 - 2015-05-22 12:05 - 00031938 _____ C:\Users\Akshay\Downloads\torrent (8)
    2015-05-22 12:05 - 2015-05-22 12:05 - 00031855 _____ C:\Users\Akshay\Downloads\torrent (9)
    2015-05-22 12:04 - 2015-05-22 12:06 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v4-3DM
    2015-05-22 12:04 - 2015-05-22 12:04 - 00031855 _____ C:\Users\Akshay\Downloads\torrent (7)
    2015-05-22 12:04 - 2015-05-22 12:04 - 00031845 _____ C:\Users\Akshay\Downloads\torrent (6)
    2015-05-22 12:03 - 2015-05-22 12:03 - 00031845 _____ C:\Users\Akshay\Downloads\torrent (5)
    2015-05-22 12:03 - 2015-05-22 12:03 - 00031837 _____ C:\Users\Akshay\Downloads\torrent (4)
    2015-05-22 11:21 - 2015-05-22 11:21 - 02763506 _____ C:\Users\Akshay\Downloads\SC-7487RLD.rar
    2015-05-22 10:38 - 2015-05-22 11:09 - 457519249 _____ C:\Users\Akshay\Downloads\SC-748712G.rar
    2015-05-22 06:42 - 2015-05-22 06:42 - 00031845 _____ C:\Users\Akshay\Downloads\torrent (3)
    2015-05-22 06:41 - 2015-05-22 12:27 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.2.and.Crack.v3-3DM
    2015-05-22 06:40 - 2015-05-22 06:41 - 00031938 _____ C:\Users\Akshay\Downloads\torrent (2)
    2015-05-22 06:40 - 2015-05-22 06:41 - 00031837 _____ C:\Users\Akshay\Downloads\torrent (1)
    2015-05-22 06:40 - 2015-05-22 06:40 - 00031845 _____ C:\Users\Akshay\Downloads\torrent
    2015-05-22 05:45 - 2015-05-22 05:45 - 442993748 _____ C:\Users\Akshay\Downloads\Grthftcrv5cr5fxd.rar
    2015-05-22 04:57 - 2015-05-22 19:15 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2015-05-22 04:56 - 2015-05-22 19:14 - 00000000 ____D C:\Program Files\Rockstar Games
    2015-05-22 04:55 - 2015-05-22 17:22 - 00000080 _____ C:\Users\Akshay\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
    2015-05-17 06:35 - 2015-05-17 23:38 - 00000000 ____D C:\Users\Akshay\Downloads\Grand Theft Auto V-FULL UNLOCKED-SG
    2015-05-17 06:34 - 2015-05-17 06:34 - 00165451 _____ C:\Users\Akshay\Downloads\Grand Theft Auto V-FULL UNLOCKED-SG.torrent
    2015-05-17 06:33 - 2015-05-17 06:33 - 00031842 _____ C:\Users\Akshay\Downloads\Grand.Theft.Auto.V.Update.4(v1.0.350.1).and.Crack.v4-3DM (1).torrent
    2015-05-17 06:32 - 2015-05-17 06:32 - 00151666 _____ C:\Users\Akshay\Downloads\Grand.Theft.Auto.V-RELOADED.torrent
    2015-05-17 06:32 - 2015-05-17 06:32 - 00031842 _____ C:\Users\Akshay\Downloads\Grand.Theft.Auto.V.Update.4(v1.0.350.1).and.Crack.v4-3DM.torrent
    2015-05-17 06:25 - 2015-05-17 06:25 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (5).msi
    2015-05-16 17:17 - 2015-05-16 17:17 - 00000000 ____D C:\Windows\CheckSur
    2015-05-12 13:51 - 2015-05-12 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TipMediaPlayer
    2015-05-12 13:51 - 2015-05-12 13:51 - 00000000 ____D C:\Program Files\TipMediaPlayer
    2015-05-12 13:46 - 2015-05-12 13:46 - 00715816 _____ (Application ) C:\Users\Akshay\Downloads\TipMediaPlayer_Setup.exe
    2015-05-12 13:39 - 2015-05-12 13:39 - 00144466 _____ C:\Users\Akshay\Downloads\League of Legends Riot Points Generator.rar
    2015-05-11 21:17 - 2015-05-24 23:07 - 00353120 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-05-11 21:16 - 2015-06-06 02:05 - 00020168 _____ C:\Windows\PFRO.log
    2015-05-11 14:00 - 2015-05-11 14:00 - 00638976 _____ C:\Users\Akshay\Downloads\Detection(1).msi
    2015-05-11 13:56 - 2015-05-11 13:56 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (4).msi
    2015-05-11 13:21 - 2015-05-11 13:21 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\MK10
    2015-05-11 01:28 - 2015-05-11 01:28 - 00018491 _____ C:\Windows\DirectX.log
    2015-05-11 00:43 - 2015-05-11 13:45 - 00000000 ____D C:\Program Files (x86)\Mortal Kombat X
    2015-05-09 13:12 - 2015-06-06 02:05 - 00003864 _____ C:\Windows\setupact.log
    2015-05-09 13:12 - 2015-05-09 13:12 - 00000000 _____ C:\Windows\setuperr.log
    2015-05-08 20:52 - 2015-05-08 20:52 - 02333416 _____ (Intel) C:\Users\Akshay\Downloads\Intel Driver Update Utility Installer (1).exe
    2015-05-08 20:47 - 2015-05-25 19:04 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-05-08 20:47 - 2015-05-08 20:48 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (3).msi
    2015-05-08 20:47 - 2015-05-08 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-05-08 20:46 - 2015-06-06 20:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-08 20:46 - 2015-06-06 20:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-08 20:46 - 2015-05-16 17:52 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-08 20:46 - 2015-05-16 17:52 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-08 20:32 - 2015-05-17 06:38 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
    2015-05-08 20:21 - 2015-05-08 20:21 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (2).msi
    2015-05-08 20:15 - 2015-05-08 20:15 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (1).msi
    2015-05-08 18:54 - 2015-05-08 18:54 - 00638976 _____ C:\Users\Akshay\Downloads\Detection.msi
    2015-05-08 14:29 - 2015-05-08 14:29 - 00089856 _____ C:\Users\Akshay\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-05-07 20:22 - 2015-05-07 20:23 - 06482752 _____ (Piriform Ltd) C:\Users\Akshay\Downloads\ccsetup505pro.exe
    2015-05-07 20:12 - 2015-05-07 20:12 - 00000000 ____D C:\Spacekace
    2015-05-07 20:11 - 2015-05-07 20:12 - 03068896 _____ C:\Users\Akshay\Downloads\Setup_DriverDoc_2015.exe
    2015-05-07 20:07 - 2015-05-07 20:07 - 03894696 _____ (solvusoft Corporation ) C:\Users\Akshay\Downloads\Setup_WinThruster_2015.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-06 20:21 - 2015-01-06 17:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA.job
    2015-06-06 20:18 - 2012-08-04 04:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-06 20:17 - 2012-08-04 04:13 - 01449886 _____ C:\Windows\WindowsUpdate.log
    2015-06-06 14:50 - 2013-01-26 13:44 - 00000000 ____D C:\Users\Akshay\AppData\Local\Spotify
    2015-06-06 13:21 - 2015-01-06 17:00 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core.job
    2015-06-06 13:19 - 2014-01-31 11:31 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Spotify
    2015-06-06 13:10 - 2012-08-20 20:00 - 00000000 ____D C:\Users\Akshay\AppData\Local\Apps\2.0
    2015-06-06 13:06 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
    2015-06-06 13:00 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2015-06-06 02:14 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-06 02:14 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-06 02:08 - 2012-11-21 22:03 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\uTorrent
    2015-06-06 02:06 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-06 01:45 - 2015-04-18 11:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-06 01:40 - 2009-07-14 01:37 - 00000000 ____D C:\Windows\DigitalLocker
    2015-06-05 22:23 - 2012-08-22 01:31 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\vlc
    2015-06-05 18:41 - 2012-08-20 18:53 - 00000000 ____D C:\Users\Akshay
    2015-06-05 18:36 - 2012-08-04 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2015-06-04 20:41 - 2012-08-04 04:44 - 00000000 ____D C:\ProgramData\Skype
    2015-06-04 20:40 - 2012-08-20 21:48 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Skype
    2015-06-04 20:37 - 2013-06-11 07:09 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-06-04 20:37 - 2013-06-11 07:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-06-04 20:36 - 2012-08-04 04:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-04 20:36 - 2012-08-04 04:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-04 20:36 - 2012-08-04 04:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-04 05:25 - 2015-04-18 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-04 05:25 - 2015-04-18 11:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-03 10:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-05-25 11:45 - 2013-01-15 16:13 - 00000000 ____D C:\Users\Akshay\AppData\Local\Windows Live Writer
    2015-05-25 10:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
    2015-05-24 21:24 - 2012-08-25 15:39 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-05-22 17:03 - 2012-10-13 14:04 - 00000000 ____D C:\ProgramData\Package Cache
    2015-05-22 02:36 - 2013-05-05 06:16 - 00000000 ____D C:\Users\Akshay\Documents\Rockstar Games
    2015-05-22 02:36 - 2013-05-05 06:01 - 00000000 ____D C:\Users\Akshay\AppData\Local\Rockstar Games
    2015-05-19 11:05 - 2015-01-29 16:41 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Bioshock
    2015-05-19 10:59 - 2014-12-22 10:02 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-05-16 16:36 - 2014-12-09 19:53 - 00000000 ____D C:\Users\Akshay\Downloads\Bobs.Burgers
    2015-05-15 13:23 - 2014-05-16 19:07 - 00003752 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
    2015-05-15 13:23 - 2014-05-16 19:07 - 00000988 _____ C:\Users\Public\Desktop\Gyazo.lnk
    2015-05-15 13:23 - 2014-05-16 19:07 - 00000988 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
    2015-05-15 13:23 - 2014-05-16 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
    2015-05-15 13:23 - 2014-05-16 19:06 - 00000000 ____D C:\Program Files (x86)\Gyazo
    2015-05-15 13:16 - 2015-01-06 17:00 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA
    2015-05-15 13:16 - 2015-01-06 17:00 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core
    2015-05-11 21:56 - 2014-10-13 15:14 - 00000000 ____D C:\Program Files\AMD
    2015-05-11 21:46 - 2009-07-14 01:13 - 00798616 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-05-11 00:43 - 2012-08-23 01:34 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\DAEMON Tools Pro
    2015-05-08 20:47 - 2013-01-13 22:40 - 00000000 ____D C:\Program Files (x86)\Google
    2015-05-07 21:32 - 2014-05-28 10:42 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\TS3Client
    2015-05-07 20:28 - 2011-02-10 10:02 - 00000000 ____D C:\Windows\panther
    2015-05-07 20:24 - 2013-11-13 23:15 - 00000000 ____D C:\Program Files\CCleaner
    2015-05-07 20:23 - 2012-08-28 07:39 - 00000000 ____D C:\Windows\Minidump

    ==================== Files in the root of some directories =======

    2015-06-05 22:24 - 2015-06-06 20:26 - 0007616 _____ () C:\Users\Akshay\AppData\Local\Resmon.ResmonCfg
    2015-06-05 18:52 - 2015-06-06 01:39 - 0000112 _____ () C:\ProgramData\hf6Arut.dat

    Files to move or delete:
    ====================
    C:\ProgramData\hf6Arut.dat


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-04 17:53

    ==================== End of log ============================
     
  22. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    I think I might have accidentally changed something in that one, so I'm running another scan to be sure.
     
  23. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
    Ran by Akshay (administrator) on AKSHAY-PC on 07-06-2015 11:36:45
    Running from C:\Users\Akshay\Desktop
    Loaded Profiles: Akshay (Available Profiles: Akshay)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Spotify Ltd) C:\Users\Akshay\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2878728 2014-04-16] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
    HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
    HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4878752 2014-11-19] (Intel(R) Corporation)
    HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-04] (Avast Software s.r.o.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Spotify Web Helper] => C:\Users\Akshay\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-01] (Spotify Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Spotify] => C:\Users\Akshay\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-01] (Spotify Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [uTorrent] => C:\Users\Akshay\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2015-04-30] (Nota Inc.)
    Startup: C:\Users\Akshay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2015-05-04]
    ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-04] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
    SearchScopes: HKLM -> {BCDA109D-38D2-4DA3-84F5-43A348A94C54} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {BCDA109D-38D2-4DA3-84F5-43A348A94C54} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-04] (Avast Software s.r.o.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
    BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-02-14] (EldoS Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-12-17] (Perfect World Entertainment Inc)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-04] (Avast Software s.r.o.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
    DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Akshay\AppData\Roaming\Mozilla\Firefox\Profiles\j0nrwl47.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
    FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-12-17] (Perfect World Entertainment Inc)
    FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2090909380-4087199382-2303749201-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2090909380-4087199382-2303749201-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2090909380-4087199382-2303749201-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-08-24] ()
    FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2015-03-01]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-04]
    FF HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Firefox\Extensions: [{03DCCC24-08BE-11E2-8271-B8AC6F996F26}] - C:\Users\Akshay\AppData\Local\{03DCCC24-08BE-11E2-8271-B8AC6F996F26}
    FF Extension: Mozilla Safe Browsing - C:\Users\Akshay\AppData\Local\{03DCCC24-08BE-11E2-8271-B8AC6F996F26} [2012-09-27]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-13]
    CHR Extension: (Google Search) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-13]
    CHR Extension: (Google Cast (Beta)) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2015-05-26]
    CHR Extension: (Youtube to MP3 Converter - High Quality) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllepdkfbbinindpblacdckjaflfjdmj [2013-03-11]
    CHR Extension: (Avast Online Security) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-22]
    CHR Extension: (Reload All Tabs) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2013-10-10]
    CHR Extension: (Google Mail Checker) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-02-28]
    CHR Extension: (Google Wallet) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-22]
    CHR Extension: (Gmail) - C:\Users\Akshay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-13]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-04]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-17] (Perfect World Entertainment Inc)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-04] (Avast Software s.r.o.)
    S4 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
    S4 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-05-18] (Conexant Systems, Inc.)
    S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
    S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
    S4 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [24064 2012-12-14] () [File not signed]
    S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-10] ()
    S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-04] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-04] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-04] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-04] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-04] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-04] ()
    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2014-11-18] ()
    R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
    R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [350096 2012-02-14] (EldoS Corporation)
    S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-04-23] (Phoenix Technologies) [File not signed]
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-23] (DT Soft Ltd)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-05-20] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
    S3 MEMACC; C:\Windows\SysWOW64\drivers\memacc.sys [33664 2015-05-04] (Zeal SoftStudio) [File not signed]
    R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2014-12-19] (Intel Corporation)
    R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
    S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
    S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-06] ()
    S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
    S3 zntport; C:\Windows\SysWOW64\drivers\zntport.sys [13880 2015-05-04] (Zeal SoftStudio)
    U3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-06 13:06 - 2015-06-06 13:06 - 00035726 _____ C:\ComboFix.txt
    2015-06-06 12:43 - 2015-06-06 12:43 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\ertlzygk
    2015-06-06 12:43 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-06-06 12:43 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-06-06 12:43 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2015-06-06 12:43 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2015-06-06 12:40 - 2015-06-06 13:06 - 00000000 ____D C:\Qoobox
    2015-06-06 12:39 - 2015-06-06 13:03 - 00000000 ____D C:\Windows\erdnt
    2015-06-06 12:39 - 2015-06-06 12:39 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\rmbdriyp
    2015-06-06 12:31 - 2015-06-06 12:31 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\ifzvhgbc
    2015-06-06 12:23 - 2015-06-06 12:24 - 05628238 ____R (Swearware) C:\Users\Akshay\Downloads\ComboFix.exe
    2015-06-06 04:19 - 2015-06-06 04:19 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\dkfgmfmz
    2015-06-06 02:17 - 2015-06-06 02:17 - 00008727 _____ C:\Users\Akshay\Desktop\JRT.txt
    2015-06-06 02:14 - 2015-06-06 02:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-AKSHAY-PC-Windows-7-Home-Premium-(64-bit).dat
    2015-06-06 02:14 - 2015-06-06 02:14 - 00000000 ____D C:\RegBackup
    2015-06-06 01:51 - 2015-06-06 02:15 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\lijzxatq
    2015-06-06 01:51 - 2015-06-06 02:04 - 00000000 ____D C:\AdwCleaner
    2015-06-06 01:47 - 2015-06-06 01:47 - 00007748 _____ C:\Users\Akshay\Desktop\MbamScan.txt
    2015-06-05 23:08 - 2015-06-06 00:08 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-06-05 23:08 - 2015-06-05 23:09 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-05 22:56 - 2015-06-05 22:57 - 02942610 _____ (Thisisu) C:\Users\Akshay\Desktop\JRT.exe
    2015-06-05 22:56 - 2015-06-05 22:57 - 02231296 _____ C:\Users\Akshay\Desktop\adwcleaner_4.206.exe
    2015-06-05 22:53 - 2015-06-05 22:58 - 17637624 _____ C:\Users\Akshay\Desktop\RogueKiller.exe
    2015-06-05 22:24 - 2015-06-06 20:26 - 00007616 _____ C:\Users\Akshay\AppData\Local\Resmon.ResmonCfg
    2015-06-05 18:52 - 2015-06-06 01:39 - 00000112 _____ C:\ProgramData\hf6Arut.dat
    2015-06-05 18:36 - 2015-06-05 18:36 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
    2015-06-05 13:25 - 2015-06-06 01:41 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\jensgqtf
    2015-06-05 02:19 - 2015-06-06 01:38 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\xvolvopm
    2015-06-04 20:54 - 2015-06-06 01:38 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\adwpqscu
    2015-06-04 20:39 - 2015-06-07 11:37 - 00024214 _____ C:\Users\Akshay\Desktop\FRST.txt
    2015-06-04 20:39 - 2015-06-07 11:36 - 00000000 ____D C:\FRST
    2015-06-04 20:32 - 2015-06-04 20:32 - 00003212 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe
    2015-06-04 20:29 - 2015-06-04 20:29 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\AVAST Software
    2015-06-04 20:27 - 2015-06-04 20:27 - 00001884 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-06-04 20:27 - 2015-06-04 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-06-04 20:26 - 2015-06-04 20:26 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-06-04 20:26 - 2015-06-04 20:26 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
    2015-06-04 20:26 - 2015-06-04 20:26 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-06-04 20:26 - 2015-06-04 20:25 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-06-04 20:25 - 2015-06-04 20:25 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-06-04 20:25 - 2015-06-04 20:25 - 00000000 ____D C:\Program Files\AVAST Software
    2015-06-04 20:24 - 2015-06-04 20:24 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-06-04 20:22 - 2015-06-04 20:22 - 02108928 _____ (Farbar) C:\Users\Akshay\Desktop\FRST64.exe
    2015-06-04 20:21 - 2015-06-04 20:24 - 152923328 _____ (Avast Software s.r.o.) C:\Users\Akshay\Downloads\avast_free_antivirus_setup.exe
    2015-06-04 17:23 - 2015-06-04 17:32 - 00000000 ____D C:\Users\Akshay\Downloads\Workaholics - The Complete Season 3 [HDTV]
    2015-06-04 05:25 - 2015-06-04 05:25 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-04 05:21 - 2015-06-04 05:24 - 08436976 _____ (Auslogics Labs Pty Ltd ) C:\Users\Akshay\Downloads\fix-my-pc-setup.exe
    2015-06-03 00:27 - 2015-06-03 00:27 - 00000000 ____D C:\Program Files (x86)\Dell Update
    2015-05-28 13:50 - 2015-05-28 13:50 - 00000000 ____D C:\Users\Akshay\Downloads\South Park Season 5 DvDrip-McTav
    2015-05-25 00:12 - 2015-05-25 00:18 - 00000000 ____D C:\Users\Akshay\Documents\Heroes of the Storm
    2015-05-25 00:11 - 2015-05-25 00:11 - 00001195 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
    2015-05-25 00:11 - 2015-05-25 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
    2015-05-24 23:33 - 2015-06-01 18:39 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
    2015-05-24 23:25 - 2015-06-01 19:09 - 00000000 ____D C:\Users\Akshay\AppData\Local\Battle.net
    2015-05-24 23:25 - 2015-06-01 18:35 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2015-05-24 23:25 - 2015-05-25 00:13 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
    2015-05-24 23:25 - 2015-05-24 23:32 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Battle.net
    2015-05-24 23:25 - 2015-05-24 23:25 - 00001150 _____ C:\Users\Public\Desktop\Battle.net.lnk
    2015-05-24 23:25 - 2015-05-24 23:25 - 00000000 ____D C:\Users\Akshay\AppData\Local\Blizzard Entertainment
    2015-05-24 23:25 - 2015-05-24 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2015-05-24 23:22 - 2015-05-24 23:22 - 00000000 ____D C:\ProgramData\Battle.net
    2015-05-24 23:21 - 2015-05-24 23:21 - 03081784 _____ (Blizzard Entertainment) C:\Users\Akshay\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
    2015-05-24 21:24 - 2015-05-24 21:25 - 00291386 _____ C:\Windows\msxml4-KB954430-enu.LOG
    2015-05-24 21:24 - 2015-05-24 21:24 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2015-05-22 19:30 - 2015-05-22 19:40 - 02454886 _____ C:\Users\Akshay\Downloads\DLL_pack.zip
    2015-05-22 17:17 - 2015-05-22 17:17 - 00001107 _____ C:\Users\Akshay\Desktop\Launcher.exe - Shortcut.lnk
    2015-05-22 12:32 - 2015-05-22 12:34 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v5.Fixed-3DM
    2015-05-22 12:27 - 2015-05-22 12:31 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.3(v1.0.335.2).and.Crack.v4-3DM
    2015-05-22 12:05 - 2015-05-22 12:05 - 00031938 _____ C:\Users\Akshay\Downloads\torrent (8)
    2015-05-22 12:05 - 2015-05-22 12:05 - 00031855 _____ C:\Users\Akshay\Downloads\torrent (9)
    2015-05-22 12:04 - 2015-05-22 12:06 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.5(v1.0.350.2).and.Crack.v4-3DM
    2015-05-22 12:04 - 2015-05-22 12:04 - 00031855 _____ C:\Users\Akshay\Downloads\torrent (7)
    2015-05-22 12:04 - 2015-05-22 12:04 - 00031845 _____ C:\Users\Akshay\Downloads\torrent (6)
    2015-05-22 12:03 - 2015-05-22 12:03 - 00031845 _____ C:\Users\Akshay\Downloads\torrent (5)
    2015-05-22 12:03 - 2015-05-22 12:03 - 00031837 _____ C:\Users\Akshay\Downloads\torrent (4)
    2015-05-22 11:21 - 2015-05-22 11:21 - 02763506 _____ C:\Users\Akshay\Downloads\SC-7487RLD.rar
    2015-05-22 10:38 - 2015-05-22 11:09 - 457519249 _____ C:\Users\Akshay\Downloads\SC-748712G.rar
    2015-05-22 06:42 - 2015-05-22 06:42 - 00031845 _____ C:\Users\Akshay\Downloads\torrent (3)
    2015-05-22 06:41 - 2015-05-22 12:27 - 00000000 ____D C:\Users\Akshay\Downloads\3DMGAME-Grand.Theft.Auto.V.Update.2.and.Crack.v3-3DM
    2015-05-22 06:40 - 2015-05-22 06:41 - 00031938 _____ C:\Users\Akshay\Downloads\torrent (2)
    2015-05-22 06:40 - 2015-05-22 06:41 - 00031837 _____ C:\Users\Akshay\Downloads\torrent (1)
    2015-05-22 06:40 - 2015-05-22 06:40 - 00031845 _____ C:\Users\Akshay\Downloads\torrent
    2015-05-22 05:45 - 2015-05-22 05:45 - 442993748 _____ C:\Users\Akshay\Downloads\Grthftcrv5cr5fxd.rar
    2015-05-22 04:57 - 2015-05-22 19:15 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2015-05-22 04:56 - 2015-05-22 19:14 - 00000000 ____D C:\Program Files\Rockstar Games
    2015-05-22 04:55 - 2015-05-22 17:22 - 00000080 _____ C:\Users\Akshay\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
    2015-05-17 06:35 - 2015-05-17 23:38 - 00000000 ____D C:\Users\Akshay\Downloads\Grand Theft Auto V-FULL UNLOCKED-SG
    2015-05-17 06:34 - 2015-05-17 06:34 - 00165451 _____ C:\Users\Akshay\Downloads\Grand Theft Auto V-FULL UNLOCKED-SG.torrent
    2015-05-17 06:33 - 2015-05-17 06:33 - 00031842 _____ C:\Users\Akshay\Downloads\Grand.Theft.Auto.V.Update.4(v1.0.350.1).and.Crack.v4-3DM (1).torrent
    2015-05-17 06:32 - 2015-05-17 06:32 - 00151666 _____ C:\Users\Akshay\Downloads\Grand.Theft.Auto.V-RELOADED.torrent
    2015-05-17 06:32 - 2015-05-17 06:32 - 00031842 _____ C:\Users\Akshay\Downloads\Grand.Theft.Auto.V.Update.4(v1.0.350.1).and.Crack.v4-3DM.torrent
    2015-05-17 06:25 - 2015-05-17 06:25 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (5).msi
    2015-05-16 17:17 - 2015-05-16 17:17 - 00000000 ____D C:\Windows\CheckSur
    2015-05-12 13:51 - 2015-05-12 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TipMediaPlayer
    2015-05-12 13:51 - 2015-05-12 13:51 - 00000000 ____D C:\Program Files\TipMediaPlayer
    2015-05-12 13:46 - 2015-05-12 13:46 - 00715816 _____ (Application ) C:\Users\Akshay\Downloads\TipMediaPlayer_Setup.exe
    2015-05-12 13:39 - 2015-05-12 13:39 - 00144466 _____ C:\Users\Akshay\Downloads\League of Legends Riot Points Generator.rar
    2015-05-11 21:17 - 2015-05-24 23:07 - 00353120 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-05-11 21:16 - 2015-06-06 02:05 - 00020168 _____ C:\Windows\PFRO.log
    2015-05-11 14:00 - 2015-05-11 14:00 - 00638976 _____ C:\Users\Akshay\Downloads\Detection(1).msi
    2015-05-11 13:56 - 2015-05-11 13:56 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (4).msi
    2015-05-11 13:21 - 2015-05-11 13:21 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\MK10
    2015-05-11 01:28 - 2015-05-11 01:28 - 00018491 _____ C:\Windows\DirectX.log
    2015-05-11 00:43 - 2015-05-11 13:45 - 00000000 ____D C:\Program Files (x86)\Mortal Kombat X
    2015-05-09 13:12 - 2015-06-07 02:39 - 00004088 _____ C:\Windows\setupact.log
    2015-05-09 13:12 - 2015-05-09 13:12 - 00000000 _____ C:\Windows\setuperr.log
    2015-05-08 20:52 - 2015-05-08 20:52 - 02333416 _____ (Intel) C:\Users\Akshay\Downloads\Intel Driver Update Utility Installer (1).exe
    2015-05-08 20:47 - 2015-05-25 19:04 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-05-08 20:47 - 2015-05-08 20:48 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (3).msi
    2015-05-08 20:47 - 2015-05-08 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-05-08 20:46 - 2015-06-07 11:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-08 20:46 - 2015-06-06 20:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-08 20:46 - 2015-05-16 17:52 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-08 20:46 - 2015-05-16 17:52 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-08 20:32 - 2015-05-17 06:38 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
    2015-05-08 20:21 - 2015-05-08 20:21 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (2).msi
    2015-05-08 20:15 - 2015-05-08 20:15 - 00638976 _____ C:\Users\Akshay\Downloads\Detection (1).msi
    2015-05-08 18:54 - 2015-05-08 18:54 - 00638976 _____ C:\Users\Akshay\Downloads\Detection.msi
    2015-05-08 14:29 - 2015-05-08 14:29 - 00089856 _____ C:\Users\Akshay\AppData\Local\GDIPFONTCACHEV1.DAT

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-07 11:29 - 2015-01-06 17:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA.job
    2015-06-07 11:29 - 2012-08-22 01:31 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\vlc
    2015-06-07 11:28 - 2012-08-04 04:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-07 11:27 - 2012-08-04 04:13 - 01460917 _____ C:\Windows\WindowsUpdate.log
    2015-06-06 14:50 - 2013-01-26 13:44 - 00000000 ____D C:\Users\Akshay\AppData\Local\Spotify
    2015-06-06 13:21 - 2015-01-06 17:00 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core.job
    2015-06-06 13:19 - 2014-01-31 11:31 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Spotify
    2015-06-06 13:10 - 2012-08-20 20:00 - 00000000 ____D C:\Users\Akshay\AppData\Local\Apps\2.0
    2015-06-06 13:06 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
    2015-06-06 13:00 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2015-06-06 02:14 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-06 02:14 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-06 02:08 - 2012-11-21 22:03 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\uTorrent
    2015-06-06 02:06 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-06 01:45 - 2015-04-18 11:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-06 01:40 - 2009-07-14 01:37 - 00000000 ____D C:\Windows\DigitalLocker
    2015-06-05 18:41 - 2012-08-20 18:53 - 00000000 ____D C:\Users\Akshay
    2015-06-05 18:36 - 2012-08-04 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2015-06-04 20:41 - 2012-08-04 04:44 - 00000000 ____D C:\ProgramData\Skype
    2015-06-04 20:40 - 2012-08-20 21:48 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Skype
    2015-06-04 20:37 - 2013-06-11 07:09 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-06-04 20:37 - 2013-06-11 07:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-06-04 20:36 - 2012-08-04 04:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-04 20:36 - 2012-08-04 04:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-04 20:36 - 2012-08-04 04:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-04 05:25 - 2015-04-18 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-04 05:25 - 2015-04-18 11:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-03 10:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-05-25 11:45 - 2013-01-15 16:13 - 00000000 ____D C:\Users\Akshay\AppData\Local\Windows Live Writer
    2015-05-25 10:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
    2015-05-24 21:24 - 2012-08-25 15:39 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-05-22 17:03 - 2012-10-13 14:04 - 00000000 ____D C:\ProgramData\Package Cache
    2015-05-22 02:36 - 2013-05-05 06:16 - 00000000 ____D C:\Users\Akshay\Documents\Rockstar Games
    2015-05-22 02:36 - 2013-05-05 06:01 - 00000000 ____D C:\Users\Akshay\AppData\Local\Rockstar Games
    2015-05-19 11:05 - 2015-01-29 16:41 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\Bioshock
    2015-05-19 10:59 - 2014-12-22 10:02 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-05-16 16:36 - 2014-12-09 19:53 - 00000000 ____D C:\Users\Akshay\Downloads\Bobs.Burgers
    2015-05-15 13:23 - 2014-05-16 19:07 - 00003752 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
    2015-05-15 13:23 - 2014-05-16 19:07 - 00000988 _____ C:\Users\Public\Desktop\Gyazo.lnk
    2015-05-15 13:23 - 2014-05-16 19:07 - 00000988 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
    2015-05-15 13:23 - 2014-05-16 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
    2015-05-15 13:23 - 2014-05-16 19:06 - 00000000 ____D C:\Program Files (x86)\Gyazo
    2015-05-15 13:16 - 2015-01-06 17:00 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA
    2015-05-15 13:16 - 2015-01-06 17:00 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core
    2015-05-11 21:56 - 2014-10-13 15:14 - 00000000 ____D C:\Program Files\AMD
    2015-05-11 21:46 - 2009-07-14 01:13 - 00798616 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-05-11 00:43 - 2012-08-23 01:34 - 00000000 ____D C:\Users\Akshay\AppData\Roaming\DAEMON Tools Pro
    2015-05-08 20:47 - 2013-01-13 22:40 - 00000000 ____D C:\Program Files (x86)\Google

    ==================== Files in the root of some directories =======

    2015-06-05 22:24 - 2015-06-06 20:26 - 0007616 _____ () C:\Users\Akshay\AppData\Local\Resmon.ResmonCfg
    2015-06-05 18:52 - 2015-06-06 01:39 - 0000112 _____ () C:\ProgramData\hf6Arut.dat

    Files to move or delete:
    ====================
    C:\ProgramData\hf6Arut.dat


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-04 17:53

    ==================== End of log ============================
     
  24. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
    Ran by Akshay at 2015-06-07 11:37:34
    Running from C:\Users\Akshay\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2090909380-4087199382-2303749201-500 - Administrator - Disabled)
    Akshay (S-1-5-21-2090909380-4087199382-2303749201-1000 - Administrator - Enabled) => C:\Users\Akshay
    ASPNET (S-1-5-21-2090909380-4087199382-2303749201-1003 - Limited - Enabled)
    Guest (S-1-5-21-2090909380-4087199382-2303749201-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
    Assassin's Creed ® III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.00 - Ubisoft)
    Assassins Creed IV Black Flag Freedom Cry (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
    Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
    BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
    Boingo Wi-Finder (HKLM-x32\...\{1BE30884-D867-4648-9739-2DB19025DF04}) (Version: 5.1.0071 - Boingo Wireless, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Borderlands: The Pre-Sequel (HKLM-x32\...\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1) (Version: 1 - )
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
    Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
    ChromecastApp (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CommView for WiFi (HKLM-x32\...\{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}) (Version: 7.0 - TamoSoft)
    Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
    Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.30.0 - Conexant)
    Conexant Maxx Preset (HKLM\...\cMaxxPreset) (Version: 1.4.0.0 - Conexant Systems)
    Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.37.0 - Conexant)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
    Dell Audio (HKLM\...\SA3) (Version: 1.72.0.0 - Conexant Systems)
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
    Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
    Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
    Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
    Dell System Detect (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\73f463568823ebbe) (Version: 6.1.0.3 - Dell)
    Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.16.1 - ELAN Microelectronic Corp.)
    Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
    Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.15 - Creative Technology Ltd)
    Dia (remove only) (HKLM-x32\...\Dia) (Version: - )
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Dragonball Xenoverse (HKLM-x32\...\Dragonball Xenoverse_is1) (Version: - )
    Dragon's Prophet (HKLM-x32\...\Steam App 229100) (Version: - Sony Online Entertainment)
    Dragons Prophet (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\SOE-Dragons Prophet) (Version: - Sony Online Entertainment)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    Elcomsoft Wireless Security Auditor (HKLM-x32\...\{62C69DD0-1C15-46D3-B973-D617725E7F0A}) (Version: 5.08.313.1706 - Elcomsoft Co. Ltd.)
    Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Escape Whisper Valley (TM) (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ExpanDrive (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\ExpanDrive) (Version: - ExpanDrive, Inc.)
    Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
    Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Fable Anniversary (HKLM-x32\...\Fable Anniversary_is1) (Version: - )
    Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
    Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
    Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
    Far Cry 3 (HKLM-x32\...\Far Cry 3_is1) (Version: 1.04 - R.G. Reverants)
    Far Cry 4 Update v1.5 (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
    gedit 2.30.1 (HKLM-x32\...\gedit_is1) (Version: 2.30.1 - GNOME)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
    Gyazo 2.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
    Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
    Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
    Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Kingdoms of Amalur Reckoning (HKLM-x32\...\Kingdoms of Amalur Reckoning_is1) (Version: - )
    Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
    K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
    League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Camera Codec Pack (HKLM\...\{9DCA0803-0890-4631-94BA-17DE31C49C40}) (Version: 16.4.1734.1104 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Middle-earth Shadow of Mordor (HKLM-x32\...\Middle-earth Shadow of Mordor_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.7 - Black Tree Gaming)
    Nosgoth (HKLM-x32\...\Steam App 200110) (Version: - Psyonix)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.8 - )
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    PatchBeam (HKLM-x32\...\PatchBeam) (Version: 1.10 - ConeXware, Inc.)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Portal 3.3 (HKLM-x32\...\Portal 3.3) (Version: - )
    PowerArchiver 2012 (HKLM-x32\...\PowerArchiver 2012 13.00.26) (Version: 13.00.26 - ConeXware, Inc.)
    PowerArchiver 2012 (x32 Version: 13.00.26 - ConeXware, Inc.) Hidden
    Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
    PrivateTunnel (HKLM-x32\...\{1880714F-98B5-4DD1-9A33-98863B4E009B}) (Version: 2.0.0.0 - OpenVPN Technologies)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Putty (HKLM-x32\...\{8A4589F3-E0F2-41E2-906A-ECB7A4B76291}) (Version: 0.60 - Simon Tatham)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Python 2.7.3 (64-bit) (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}) (Version: 2.7.3150 - Python Software Foundation)
    QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
    QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.54.309.2012 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Sandboxie 3.76 (64-bit) (HKLM\...\Sandboxie) (Version: 3.76 - SANDBOXIE L.T.D)
    Secure Download Manager (HKLM-x32\...\{E86B07AE-9F94-44D5-AD47-DC2716EA90D2}) (Version: 3.1.40 - Kivuto Solutions Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Shaun White Skateboarding (HKLM-x32\...\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}) (Version: 1.0 - Ubisoft)
    Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
    Sleeping Dogs version 5.1 (HKLM-x32\...\{B810D852-DFD6-SLPDGS-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
    SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
    SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
    South Park The Stick of Truth - Update 2 version 1.0.1361 (HKLM-x32\...\{43BC092F-FEEF-4E74-805A-B20A67522D10}_is1) (Version: 1.0.1361 - Ubisoft)
    Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
    Spotify (HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab Detection (HKLM-x32\...\{95A54DD6-403D-4403-A998-EA81C24B5A88}) (Version: 6.1.4.0 - Husdawg, LLC)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - )
    TipMediaPlayer 1.0 (HKLM\...\{7268C940-B87D-4445-B180-4404E231775B}_is1) (Version: 1.0 - )
    Tribes Vengeance (HKLM-x32\...\InstallShield_{BBF51613-ACF3-4B1C-86E8-AD15BB431037}) (Version: 1.0.0 - Vivendi Universal Games)
    Tribes Vengeance (x32 Version: 1.0.0 - Vivendi Universal Games) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
    Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Paradigm CE 11.2 (HKLM\...\1106-5897-7327-6550) (Version: 11.2 - Visual Paradigm International Ltd.)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    VPython 6.05 (HKLM\...\VPython for Python 2.7_is1) (Version: - )
    Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
    Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
    WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Akshay\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    29-05-2015 14:56:03 Windows Update
    01-06-2015 20:05:13 Software Removal Tool
    04-06-2015 17:51:22 Windows Update
    04-06-2015 20:25:05 avast! antivirus system restore point

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-06-05 18:41 - 2015-06-06 13:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
     
  25. ajdsouza

    ajdsouza TS Rookie Topic Starter Posts: 49

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02433315-82BC-4E21-AC4E-7306BBF7261D} - System32\Tasks\{132CC7ED-72AD-4591-A1E6-CA4A3A84684A} => pcalua.exe -a "C:\Users\Akshay\Desktop\nba 2k14\Setup.exe" -d "C:\Users\Akshay\Desktop\nba 2k14"
    Task: {031F95D4-7E0A-4DE6-AF70-EC2FFB245BE7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core => C:\Users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
    Task: {0D91443A-BD4F-497B-94AC-6B7FE567573F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {12FFCED0-6538-4619-AD5A-70933152214E} - System32\Tasks\{89DD358E-C591-442F-A195-72EA4E86F4AF} => G:\Setup.exe
    Task: {2D225986-13DE-4BBA-B829-2EBBDBE3B612} - System32\Tasks\{7D6BDBAB-EF78-4307-BD3D-3C8CC6FB936D} => pcalua.exe -a C:\Users\Akshay\Desktop\Crysis\setup.exe -d C:\Users\Akshay\Desktop\Crysis
    Task: {3E64EB68-4D6C-47C5-9C42-46F1C9E59C0C} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-04-30] ()
    Task: {465DEE4F-8C69-4F74-9C75-ACA729EB9539} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-04] (Adobe Systems Incorporated)
    Task: {50DEB759-C4FD-4996-9E7E-7E482A4E5038} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
    Task: {55F0D8BD-1B53-48B3-82A4-CB62B7AD3645} - System32\Tasks\{F88AD140-C18F-4555-B900-77FDB3603CC6} => pcalua.exe -a C:\d\Skyrim\install.exe -d C:\d\Skyrim
    Task: {5B0A9FAA-26CD-4497-92E6-D248E1DEB760} - System32\Tasks\{9F7876E4-4610-43C0-A923-871527493671} => pcalua.exe -a C:\Users\Akshay\Downloads\Assassins_Creed_II-crack-SKIDROW\UPDATE\assassins_creed_2_1.01_us.exe -d C:\Users\Akshay\Downloads\Assassins_Creed_II-crack-SKIDROW\UPDATE
    Task: {5C70BDAA-6BB6-4050-8CC8-D351330B8EF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA => C:\Users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
    Task: {792839C8-1EE2-447C-B513-1763B423C36C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
    Task: {7E41BC6A-22F6-416A-B565-DBF23E05E6F6} - System32\Tasks\{58D6AFF7-300B-463D-A8D3-6A9DCD435BD9} => pcalua.exe -a F:\Setup.exe -d F:\
    Task: {B1FEA4E9-2EBB-4BB4-A713-456A5BC9BCEE} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-22] (Microsoft Corporation)
    Task: {B772BE6C-5624-4508-A0F2-1F10D2C832CF} - System32\Tasks\{46F7317A-B841-4DCE-9B6B-B3AA703C2460} => Chrome.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsProgressBar
    Task: {C2E5CF6A-AE47-4B4A-B40B-211996898A40} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-04] (Avast Software s.r.o.)
    Task: {CEF0B242-1605-4602-8EF7-4D8DD15DC420} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {E20E5440-D865-4E99-A8CB-4DCB3442EE22} - System32\Tasks\{8D5352C4-869D-4054-85E8-37370631798E} => C:\Users\Akshay\Desktop\nba 2k14\New folder\NBA2K14-SKIDROWCRACK.COM\setup.exe
    Task: {E87B4364-4488-4C35-BA60-88A42EDCBF7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-08] (Google Inc.)
    Task: {EA621330-592F-4543-AD39-7E80E4A376D2} - System32\Tasks\AdobeAAMUpdater-1.0-Akshay-PC-Akshay => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
    Task: {ECDD6C12-2280-4AFE-8E84-12CC95A1DB69} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
    Task: {EE92C2AE-2DCB-41AF-86B1-F3D1E8216BEE} - System32\Tasks\{083775D8-E221-40B6-B87E-BD5FBA93B470} => pcalua.exe -a "C:\Users\Akshay\Downloads\Empire Total War\Game\DVD 1\setup.exe" -d "C:\Users\Akshay\Downloads\Empire Total War\Game\DVD 1"
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000Core.job => C:\Users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090909380-4087199382-2303749201-1000UA.job => C:\Users\Akshay\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-06-04 20:25 - 2015-06-04 20:25 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-06-04 20:25 - 2015-06-04 20:25 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-06-05 13:11 - 2015-06-05 13:11 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060501\algo.dll
    2015-06-07 11:27 - 2015-06-07 11:27 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060700\algo.dll
    2015-06-04 20:25 - 2015-06-04 20:25 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-05-25 19:04 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
    2015-05-25 19:04 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
    2015-05-25 19:04 - 2015-05-22 16:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\...\sony.com -> sony.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2090909380-4087199382-2303749201-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeActiveFileMonitor9.0 => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMPPALR3 => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: ArcService => 3
    MSCONFIG\Services: Bluetooth Device Monitor => 2
    MSCONFIG\Services: Bluetooth Media Service => 3
    MSCONFIG\Services: Bluetooth OBEX Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: BTHSSecurityMgr => 2
    MSCONFIG\Services: CAMService => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: CxUtilSvc => 2
    MSCONFIG\Services: EvtEng => 2
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: HiPatchService => 2
    MSCONFIG\Services: IAStorDataMgrSvc => 2
    MSCONFIG\Services: ICCS => 3
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: MyWiFiDHCPDNS => 3
    MSCONFIG\Services: NOBU => 2
    MSCONFIG\Services: OpenVPNAccessClient => 2
    MSCONFIG\Services: RegSrvc => 2
    MSCONFIG\Services: SbieSvc => 2
    MSCONFIG\Services: SftService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: SystemStoreService => 2
    MSCONFIG\Services: TurboBoost => 3
    MSCONFIG\Services: UNS => 2
    MSCONFIG\Services: ZeroConfigService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PrivateTunnel.lnk => C:\Windows\pss\PrivateTunnel.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Akshay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
    MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: Boingo Wi-Finder => "C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk"
    MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    MSCONFIG\startupreg: Facebook Update => "C:\Users\Akshay\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spotify => "C:\Users\Akshay\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Akshay\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
    MSCONFIG\startupreg: uTorrent => "C:\Users\Akshay\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Faulty Device Manager Devices =============

    Name: TAP-Win32 Adapter OAS
    Description: TAP-Win32 Adapter OAS
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Win32 Provider OAS
    Service: tapoas
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Microsoft Virtual WiFi Miniport Adapter #2
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/06/2015 04:08:03 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (06/06/2015 02:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/06/2015 01:41:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/05/2015 07:23:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: vlc.exe, version: 2.2.1.0, time stamp: 0x00000004
    Faulting module name: libqt4_plugin.dll, version: 2.2.1.0, time stamp: 0x00020002
    Exception code: 0x40000015
    Fault offset: 0x007ca10a
    Faulting process id: 0x21f4
    Faulting application start time: 0xvlc.exe0
    Faulting application path: vlc.exe1
    Faulting module path: vlc.exe2
    Report Id: vlc.exe3

    Error: (06/05/2015 06:37:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Solvusoftdd.exe version 1.52.1086.14425 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e58

    Start Time: 01d09fdfa7e4b077

    Termination Time: 7

    Application Path: C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe

    Report Id: 5c2ced1e-0bd3-11e5-8a03-685d43f2a0f7

    Error: (06/05/2015 06:36:09 PM) (Source: MsiInstaller) (EventID: 11923) (User: NT AUTHORITY)
    Description: Product: Dell Digital Delivery -- Error 1923. Service 'Dell Digital Delivery Service' (DellDigitalDelivery) could not be installed. Verify that you have sufficient privileges to install system services.

    Error: (06/05/2015 06:34:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iiwjljrnpc64.exe, version: 0.0.0.0, time stamp: 0x551bf9ee
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000374
    Fault offset: 0x00000000000c4102
    Faulting process id: 0x7f8
    Faulting application start time: 0xiiwjljrnpc64.exe0
    Faulting application path: iiwjljrnpc64.exe1
    Faulting module path: iiwjljrnpc64.exe2
    Report Id: iiwjljrnpc64.exe3

    Error: (06/05/2015 06:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/05/2015 06:20:26 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (06/04/2015 08:25:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary wbruuqvt.

    System Error:
    The system cannot find the file specified.
    .


    System errors:
    =============
    Error: (06/07/2015 11:28:13 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (06/07/2015 03:08:14 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (06/07/2015 02:39:13 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (06/06/2015 10:06:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (06/06/2015 08:17:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (06/06/2015 02:50:48 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Error: (06/06/2015 02:50:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (06/06/2015 01:00:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/06/2015 00:57:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/06/2015 00:53:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


    Microsoft Office:
    =========================
    Error: (06/06/2015 04:08:03 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

    Error: (06/06/2015 02:06:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/06/2015 01:41:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/05/2015 07:23:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: vlc.exe2.2.1.000000004libqt4_plugin.dll2.2.1.00002000240000015007ca10a21f401d09fe6651590d3C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dlld0d58cbe-0bd9-11e5-8a03-685d43f2a0f7

    Error: (06/05/2015 06:37:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Solvusoftdd.exe1.52.1086.14425e5801d09fdfa7e4b0777C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe5c2ced1e-0bd3-11e5-8a03-685d43f2a0f7

    Error: (06/05/2015 06:36:09 PM) (Source: MsiInstaller) (EventID: 11923) (User: NT AUTHORITY)
    Description: Product: Dell Digital Delivery -- Error 1923. Service 'Dell Digital Delivery Service' (DellDigitalDelivery) could not be installed. Verify that you have sufficient privileges to install system services.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (06/05/2015 06:34:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iiwjljrnpc64.exe0.0.0.0551bf9eentdll.dll6.1.7601.18247521eaf24c000037400000000000c41027f801d09fdf6ea45a43C:\Program Files (x86)\coupoon\iiwjljrnpc64.exeC:\Windows\SYSTEM32\ntdll.dllfe67188c-0bd2-11e5-8a03-685d43f2a0f7

    Error: (06/05/2015 06:32:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/05/2015 06:20:26 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

    Error: (06/04/2015 08:25:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary wbruuqvt.

    System Error:
    The system cannot find the file specified.


    CodeIntegrity Errors:
    ===================================
    Date: 2015-06-06 12:57:01.509
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-06-06 12:57:01.431
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-22 04:44:03.351
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-20 15:19:10.654
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-20 15:18:24.813
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-20 03:27:20.521
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-14 12:34:33.221
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-14 12:29:21.822
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-10 18:04:49.455
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-10 15:39:28.766
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
    Percentage of memory in use: 27%
    Total physical RAM: 8067.36 MB
    Available physical RAM: 5837.68 MB
    Total Pagefile: 16132.89 MB
    Available Pagefile: 13085.24 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:678.79 GB) (Free:43.71 GB) NTFS
    Drive d: (Fable Disk 1) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 1EACCD23)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=19.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=678.8 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
