Solved Random Audio ads & unknown process in TM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by venkat (administrator) on APOORVA-PC (12-01-2017 22:51:35)
Running from C:\Users\venkat\Desktop\New folder
Loaded Profiles: venkat (Available Profiles: Apoorva & venkat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Lexmark International Inc.) C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\venkat\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [lxcymon.exe] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe [291496 2009-05-01] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe [82600 2009-05-01] (Lexmark International Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2122AD89-0CB0-42C3-A5A6-4543E492E6B1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-24] (HP)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\venkat\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22] (Trend Media Group)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-24] (HP)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\venkat\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011-02-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-06-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} [2011-12-27]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-11-29]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-28]
CHR Extension: (Google Docs) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-28]
CHR Extension: (Google Sheets) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-28]
CHR Profile: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-19]
CHR Extension: (Google Docs) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-19]
CHR Extension: (Google Drive) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-19]
CHR Extension: (YouTube) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-19]
CHR Extension: (Ebates Cash Back) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-12-25]
CHR Extension: (FullTab) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcgefogogljdgjcegkpkdjocajhlpdko [2017-01-05]
CHR Extension: (Google Sheets) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-19]
CHR Extension: (Google Docs Offline) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-19]
CHR Extension: (AdBlock) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-17]
CHR Extension: (Search) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhlambmdchnamjafiahpoonaaoicoocn [2017-01-05]
CHR Extension: (Cisco WebEx Extension) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-07-18]
CHR Extension: (Wikibuy) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2016-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-19]
CHR Extension: (Gmail) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-19]
CHR Extension: (Chrome Media Router) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-25] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 postgresql-x64-9.6; C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe [94720 2016-10-25] (PostgreSQL Global Development Group) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 TeamPostgreSQL Service; C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe [197120 2016-10-06] () [File not signed]
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2008-10-02] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [18432 2009-04-29] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-10] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-12] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-12] (Malwarebytes)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 22:23 - 2017-01-12 22:23 - 00852798 _____ C:\Users\venkat\Downloads\SecurityCheck.exe
2017-01-12 22:02 - 2017-01-12 22:02 - 00000290 _____ C:\ProgramData\hpqp.ini
2017-01-12 22:02 - 2017-01-12 22:02 - 00000000 _____ C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-12 22:02 - 2017-01-12 22:02 - 00000000 _____ C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-12 22:02 - 2017-01-12 22:02 - 00000000 _____ C:\Users\venkat\AppData\Local\AtStart.txt
2017-01-12 09:34 - 2017-01-12 22:51 - 00000000 ____D C:\Users\venkat\Desktop\New folder
2017-01-11 13:13 - 2017-01-11 13:13 - 00000178 _____ C:\lxcy.log
2017-01-11 11:41 - 2017-01-11 11:41 - 00013825 _____ C:\Users\venkat\Desktop\iexplore - Shortcut.lnk
2017-01-10 21:19 - 2017-01-10 21:19 - 00025133 _____ C:\ComboFix.txt
2017-01-10 20:42 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-10 20:42 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-10 20:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-10 20:41 - 2017-01-10 21:19 - 00000000 ____D C:\Qoobox
2017-01-10 20:41 - 2017-01-10 21:16 - 00000000 ____D C:\Windows\erdnt
2017-01-10 20:33 - 2017-01-10 20:34 - 05659315 ____R (Swearware) C:\Users\venkat\Desktop\ComboFix.exe
2017-01-10 19:39 - 2017-01-10 19:39 - 00014081 _____ C:\Users\venkat\Desktop\chrome - Shortcut.lnk
2017-01-10 15:57 - 2017-01-10 15:58 - 00425069 _____ C:\Users\venkat\Downloads\EAd.zip
2017-01-10 15:47 - 2017-01-10 15:48 - 01663040 _____ (Malwarebytes) C:\Users\venkat\Downloads\JRT.exe
2017-01-10 14:43 - 2017-01-10 15:07 - 00000000 ____D C:\AdwCleaner
2017-01-10 14:42 - 2017-01-10 14:43 - 03988944 _____ C:\Users\venkat\Downloads\AdwCleaner.exe
2017-01-10 13:34 - 2017-01-10 13:34 - 00042552 _____ C:\Users\venkat\Desktop\Malwarebytes fix.txt
2017-01-10 13:07 - 2017-01-12 22:03 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-10 13:07 - 2017-01-12 22:02 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-10 13:07 - 2017-01-12 22:02 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-10 13:07 - 2017-01-11 15:39 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-10 13:07 - 2017-01-10 13:07 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-10 13:06 - 2017-01-12 09:42 - 00000000 ____D C:\Users\venkat\AppData\Local\CrashDumps
2017-01-10 13:06 - 2017-01-11 17:44 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-10 13:06 - 2017-01-10 13:45 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 13:06 - 2017-01-10 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 05:18 - 2017-01-10 05:19 - 54199488 _____ (Malwarebytes ) C:\Users\venkat\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-09 20:39 - 2017-01-12 15:11 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-09 20:33 - 2017-01-10 05:04 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-09 20:28 - 2017-01-09 20:30 - 34710200 _____ (Adlice Software ) C:\Users\venkat\Downloads\RogueKiller setup.exe
2017-01-09 12:42 - 2017-01-09 13:24 - 00054237 _____ C:\Users\venkat\Downloads\Addition.txt
2017-01-09 11:16 - 2017-01-09 13:24 - 00057684 _____ C:\Users\venkat\Downloads\FRST.txt
2017-01-08 23:06 - 2017-01-08 23:06 - 00006628 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx.txt
2017-01-08 22:38 - 2017-01-08 22:42 - 00054677 _____ C:\Users\venkat\Downloads\Addition_bkp.txt
2017-01-08 22:32 - 2017-01-08 22:39 - 00003313 _____ C:\Users\venkat\Desktop\My Portfolio.csv
2017-01-08 22:29 - 2017-01-08 22:42 - 00059147 _____ C:\Users\venkat\Downloads\FRST_bkp.txt
2017-01-08 22:23 - 2017-01-12 22:51 - 00000000 ____D C:\FRST
2017-01-08 21:39 - 2017-01-08 21:40 - 02193920 _____ (Farbar) C:\Users\venkat\Downloads\FRST64.exe
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-07 13:27 - 2017-01-07 13:27 - 00003156 _____ C:\Windows\System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111}
2017-01-06 16:25 - 2017-01-06 16:25 - 00001945 _____ C:\Windows\epplauncher.mif
2017-01-06 16:24 - 2017-01-06 16:24 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-01-06 16:23 - 2017-01-06 16:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-01-06 16:23 - 2017-01-06 16:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-01-05 23:14 - 2017-01-10 16:14 - 00011260 _____ C:\Users\venkat\Desktop\JRT.txt
2017-01-05 17:38 - 2017-01-10 20:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-05 17:00 - 2017-01-05 18:18 - 00000034 _____ C:\Users\venkat\Desktop\MCafee SR#.txt
2017-01-05 12:46 - 2017-01-12 21:59 - 00000000 ___HD C:\Program Files (x86)\Cappuccinos
2017-01-05 12:46 - 2017-01-12 21:41 - 00000000 ___HD C:\Program Files (x86)\Mutilated
2017-01-05 12:46 - 2017-01-05 12:47 - 00003654 _____ C:\Windows\System32\Tasks\ba30338763033876
2017-01-05 12:46 - 2017-01-05 12:46 - 00003642 _____ C:\Windows\System32\Tasks\bak3033876k3033876
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\wells
2017-01-05 12:44 - 2017-01-05 12:44 - 00000000 ____D C:\Users\venkat\AppData\Local\CEF
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ C:\Windows\seventeen.exe
2017-01-01 15:47 - 2017-01-01 23:50 - 00009080 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx
2016-12-31 15:21 - 2016-12-31 15:21 - 00001181 ____N C:\Users\Public\Desktop\TeamPostgreSQL Web Client.lnk
2016-12-31 15:21 - 2016-12-31 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamPostgreSQL
2016-12-31 15:12 - 2016-12-31 15:21 - 00000000 ____D C:\Program Files (x86)\TeamPostgreSQL
2016-12-30 21:40 - 2010-09-11 10:51 - 00439808 _____ (Atheros) C:\Windows\system32\athihvs.dll
2016-12-30 21:34 - 2016-12-30 21:34 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-12-30 21:25 - 2016-12-30 21:25 - 04057776 _____ (Oleg N. Scherbakov) C:\Users\venkat\Downloads\HPSupportSolutionsFramework-12.5.32.203.exe
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\Documents\SafeNet Sentinel
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\.spss
2016-12-30 20:32 - 2016-12-30 20:32 - 00000000 ____D C:\Users\venkat\AppData\Roaming\HP TCS
2016-12-30 20:13 - 2016-12-30 20:13 - 00000000 ____D C:\Users\venkat\AppData\Roaming\CyberLink
2016-12-30 20:12 - 2016-12-30 20:12 - 00000000 ____D C:\Users\Public\CyberLink
2016-12-30 20:09 - 2016-12-30 20:12 - 00000000 ____D C:\Users\venkat\Documents\Youcam
2016-12-30 15:13 - 2016-12-31 13:26 - 00000000 ____D C:\Users\venkat\Desktop\Postgres
2016-12-30 12:45 - 2016-12-30 21:37 - 00000000 ____D C:\Users\venkat\AppData\Roaming\pgAdmin
2016-12-29 23:28 - 2016-12-29 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.6
2016-12-29 23:21 - 2016-12-29 23:21 - 00000000 ____D C:\Program Files\PostgreSQL
2016-12-28 17:54 - 2016-12-28 17:54 - 00014785 _____ C:\Users\venkat\Desktop\xe~1.sql
2016-12-28 17:54 - 2016-12-28 17:54 - 00001479 _____ C:\Users\venkat\xe.sql
2016-12-25 18:08 - 2017-01-10 11:13 - 00010932 _____ C:\Users\venkat\Desktop\Important Days & bills.xlsx
2016-12-21 13:34 - 2016-12-21 13:35 - 04700160 _____ C:\Users\venkat\Downloads\remote area.xls
2016-12-20 17:33 - 2016-12-20 19:28 - 00000000 ____D C:\Users\venkat\Desktop\New Technologies
2016-12-17 15:21 - 2016-12-17 16:02 - 00000000 ____D C:\Users\venkat\AppData\Roaming\SQL Developer
2016-12-17 15:21 - 2016-12-17 15:21 - 00001612 ____N C:\Users\venkat\Desktop\sqldeveloper.exe - Shortcut.lnk
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\Users\venkat\AppData\Roaming\sqldeveloper
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\ProgramData\Oracle
2016-12-17 15:19 - 2016-12-17 15:19 - 00000000 ____D C:\Users\venkat\Desktop\sqldeveloper-4.2.0.16.260.1303-x64
2016-12-17 14:59 - 2016-12-17 14:59 - 00000000 ____D C:\Users\venkat\Oracle
2016-12-17 14:58 - 2016-12-17 14:58 - 00000000 ____D C:\oraclexe
2016-12-17 14:33 - 2016-12-17 14:33 - 00003102 _____ C:\Windows\System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901}
2016-12-17 14:26 - 2016-12-17 14:26 - 00000624 _____ C:\Users\venkat\Desktop\tnsnames.ora
2016-12-17 14:10 - 2017-01-07 22:21 - 00000000 ____D C:\Program Files (x86)\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\Program Files (x86)\Raize
2016-12-17 14:10 - 2005-01-08 03:00 - 00024064 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\CS30Inspectors70.bpl
2016-12-17 14:10 - 2002-08-09 08:00 - 01381376 _____ (Borland Software Corporation) C:\Windows\SysWOW64\vcl70.bpl
2016-12-17 14:10 - 2002-08-09 08:00 - 00778240 _____ (Borland Software Corporation) C:\Windows\SysWOW64\rtl70.bpl
2016-12-17 14:10 - 2002-08-09 08:00 - 00227328 _____ (Borland Software Corporation) C:\Windows\SysWOW64\vclie70.bpl
2016-12-17 13:55 - 2016-12-17 13:55 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Dell
2016-12-17 13:49 - 2016-12-17 13:49 - 00046441 _____ C:\Users\venkat\Downloads\dataDec-17-2016 (1).sql
2016-12-17 13:47 - 2016-12-17 16:01 - 00043163 _____ C:\Users\venkat\Downloads\dataDec-17-2016.sql
2016-12-16 21:01 - 2016-12-28 17:02 - 00000000 ____D C:\Users\venkat\Desktop\Freelancers

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-12 22:52 - 2009-09-30 08:38 - 01396488 _____ C:\Windows\WindowsUpdate.log
2017-01-12 22:11 - 2016-05-20 07:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-12 22:08 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-12 22:08 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-12 22:01 - 2016-07-23 04:40 - 00000000 ____D C:\ProgramData\VMware
2017-01-12 22:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-12 22:01 - 2009-07-13 23:51 - 00205316 _____ C:\Windows\setupact.log
2017-01-12 22:00 - 2010-12-22 22:28 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job
2017-01-12 21:37 - 2010-01-13 17:08 - 00000000 ____D C:\Users\Apoorva
2017-01-12 16:54 - 2016-07-16 10:26 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Skype
2017-01-12 10:12 - 2016-08-01 04:54 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Notepad++
2017-01-11 13:13 - 2010-01-13 18:10 - 00516630 _____ C:\Windows\PFRO.log
2017-01-10 21:48 - 2016-10-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-10 21:19 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2017-01-10 21:13 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2017-01-10 21:11 - 2016-05-20 07:54 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 21:11 - 2016-05-20 07:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 21:11 - 2011-10-12 09:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 21:11 - 2011-10-12 09:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 21:11 - 2009-08-21 12:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 20:36 - 2016-10-28 22:09 - 00000000 ____D C:\Program Files\McAfee
2017-01-10 18:19 - 2016-09-21 19:18 - 00000000 ____D C:\Users\venkat\Desktop\EAD
2017-01-10 13:25 - 2010-01-13 17:30 - 00002054 _____ C:\Users\Public\Desktop\Accessories.lnk
2017-01-10 01:00 - 2010-12-22 22:28 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job
2017-01-09 20:14 - 2016-07-24 08:59 - 00000000 ____D C:\ProgramData\LightScribe
2017-01-09 17:23 - 2016-07-17 09:06 - 00000235 _____ C:\Users\venkat\Desktop\bags with tsa locks.txt
2017-01-08 21:05 - 2010-04-21 18:27 - 00000000 ____D C:\ProgramData\Recovery
2017-01-08 21:00 - 2010-01-13 17:15 - 00118592 _____ C:\Users\Apoorva\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-08 20:55 - 2010-12-22 22:29 - 00002285 _____ C:\Users\Apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 20:55 - 2010-12-22 22:29 - 00002255 _____ C:\Users\Apoorva\Desktop\Google Chrome.lnk
2017-01-08 13:51 - 2016-07-24 10:36 - 00000000 ____D C:\Users\venkat\AppData\Local\Downloaded Installations
2017-01-08 13:10 - 2010-09-12 17:57 - 00000000 ____D C:\Users\Apoorva\Documents\My Received Files
2017-01-07 23:23 - 2016-07-23 04:53 - 00000000 ____D C:\Users\venkat\AppData\Roaming\VMware
2017-01-07 13:49 - 2016-07-24 11:52 - 00000000 ____D C:\ProgramData\Nero
2017-01-07 13:41 - 2016-07-24 11:54 - 00000188 _____ C:\Windows\SysWOW64\MsiExec.exe.log
2017-01-07 11:04 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat\AppData\Local\VirtualStore
2017-01-06 20:40 - 2011-09-30 10:21 - 00000000 ____D C:\Windows\Minidump
2017-01-05 22:13 - 2016-07-16 03:03 - 00000000 ____D C:\Users\venkat\Desktop\Movies
2017-01-05 18:28 - 2016-10-28 22:14 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-05 18:27 - 2016-10-28 22:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-01-05 18:21 - 2016-10-28 22:08 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-05 17:09 - 2009-07-14 00:13 - 00786806 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-05 17:04 - 2016-10-28 21:47 - 00000000 ____D C:\Users\venkat\AppData\Local\LogMeIn Rescue Applet
2017-01-05 12:43 - 2010-01-13 17:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-05 12:42 - 2016-05-28 03:09 - 00002327 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-01-05 12:42 - 2016-05-20 07:24 - 00002157 ____R C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2017-01-05 12:41 - 2016-05-28 03:09 - 00002315 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-12-31 15:26 - 2016-07-26 07:01 - 00000000 ____D C:\Users\venkat\AppData\Roaming\BITS
2016-12-31 10:13 - 2010-01-31 21:52 - 00000000 ____D C:\Program Files\Google
2016-12-30 23:25 - 2016-05-28 03:01 - 00000000 ____D C:\Users\venkat\AppData\Local\Google
2016-12-30 23:25 - 2011-06-27 18:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-30 23:25 - 2011-06-27 18:48 - 00000000 ____D C:\ProgramData\Skype
2016-12-30 23:25 - 2010-01-13 17:57 - 00000000 ____D C:\ProgramData\Google
2016-12-30 21:40 - 2011-04-16 17:15 - 00000000 ____D C:\Windows\system32\nn-NO
2016-12-30 21:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2016-12-30 21:29 - 2016-05-20 07:26 - 00000000 ____D C:\Users\venkat\AppData\Local\Hewlett-Packard
2016-12-30 21:07 - 2009-08-21 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-30 21:05 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat
2016-12-30 20:48 - 2011-04-22 22:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-30 20:17 - 2011-02-26 22:03 - 00000000 ____D C:\ProgramData\UAB
2016-12-30 20:10 - 2009-08-21 13:48 - 00000000 ____D C:\ProgramData\CyberLink
2016-12-29 23:19 - 2016-07-24 10:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 16:10 - 2016-09-15 21:04 - 00000087 _____ C:\Users\venkat\AppData\default.pls
2016-12-17 14:37 - 2010-01-13 17:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-16 17:54 - 2010-02-15 13:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 17:54 - 2010-02-15 13:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-01-12 22:02 - 2017-01-12 22:02 - 0000000 _____ () C:\Users\venkat\AppData\Local\AtStart.txt
2017-01-12 22:02 - 2017-01-12 22:02 - 0000000 _____ () C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-12 22:02 - 2017-01-12 22:02 - 0000000 _____ () C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-12 22:02 - 2017-01-12 22:02 - 0000290 _____ () C:\ProgramData\hpqp.ini
2017-01-12 21:38 - 2017-01-12 22:52 - 0006067 _____ () C:\ProgramData\HPWALog.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-07-08 21:25

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by venkat (2017-01-12 22:53:42)
Running from C:\Users\venkat\Desktop\New folder
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-13 22:08:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3623452270-2088294941-995359613-500 - Administrator - Disabled)
Apoorva (S-1-5-21-3623452270-2088294941-995359613-1001 - Administrator - Enabled) => C:\Users\Apoorva
Guest (S-1-5-21-3623452270-2088294941-995359613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3623452270-2088294941-995359613-1002 - Limited - Enabled)
venkat (S-1-5-21-3623452270-2088294941-995359613-1003 - Administrator - Enabled) => C:\Users\venkat
__vmware_user__ (S-1-5-21-3623452270-2088294941-995359613-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
BitTorrent (HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CodeSite 3.0.1 Client Tools (HKLM-x32\...\CodeSite 3.0.1 Client Tools) (Version: 3.0 - Raize Software, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.005) - Open Text Corporation.)
FlashGet 3.3 (HKLM-x32\...\FlashGet 3.3) (Version: 3.3.0.1092 - http://www.FlashGet.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
PASW Statistics 18 (HKLM-x32\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.)
PostgreSQL 9.6 (HKLM\...\PostgreSQL 9.6) (Version: 9.6 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.2.0 - Adlice Software)
RPS CRT (x32 Version: 9.0.40 - Bell) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TeamPostgreSQL 1.07 (HKLM-x32\...\0115-9748-2388-7305) (Version: 1.07 - Webworks SA)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VEX Programming Driver 64-bit (HKLM-x32\...\{00B74926-F27A-4661-8827-6BFCAFD35AF0}) (Version: 1.0.0.2 - VEX Robotics, Inc.)
VEXnet Firmware Upgrade Utility (HKLM-x32\...\VEXnet Firmware Upgrade Utility_is1) (Version: - )
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
VMware Workstation (HKLM-x32\...\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}) (Version: 6.5.1.5078 - VMware, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-01-2017 13:31:11 Removed Nero 8 Essentials. Available with Windows Installer version 1.2 and later.
07-01-2017 14:06:24 Removed Toad for Oracle
10-01-2017 15:57:07 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-01-05 16:17 - 2017-01-10 21:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C79267-0EC4-4985-882D-E7E935DB911B} - System32\Tasks\{F2F30F23-07ED-45A3-849C-B55476ECCFAF} => C:\Program Files (x86)\FirstClass\fcc32.exe [2011-02-15] (Open Text Inc.)
Task: {0E1DB523-5AB8-4747-85EA-BEEB91AA4867} - System32\Tasks\{E7958005-452C-41D7-9DF8-14E78BEBCCB6} => Chrome.exe http://ui.skype.com/ui/0/5.3.0.116....google-chrome:notoffered;ienotdefaultbrowser2
Task: {13F33A43-6318-47FD-A3C7-16E5BE070570} - System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901} => pcalua.exe -a F:\venkat\DATA\OracleXEClient.exe -d F:\venkat\DATA
Task: {1AA42887-21B2-4795-BF03-B9A3BD780FAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-07] (HP Inc.)
Task: {1FB92414-E13F-45B9-A2A4-B2C29EEA3D05} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {21D3B24C-5B7C-460F-B519-25DA61FEF396} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-08] (Hewlett-Packard)
Task: {3AB3CA47-0F53-487F-9244-90E5D4042065} - System32\Tasks\{EA460A63-A1D1-4BFF-AD39-98B87763B670} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
Task: {400A1DFE-1699-46DC-AD0E-AB676CE8C7D3} - System32\Tasks\{FAF9B758-61CE-4ECD-BF20-E49B8D2241F6} => pcalua.exe -a C:\Users\Apoorva\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\Apoorva\Downloads
Task: {4ACE4019-02FA-4113-AAC4-5A1139E418F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {4B95C303-C0C1-4521-936B-3EB156890FAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {4D45399D-586E-42BF-BCD2-573CAB8B6119} - System32\Tasks\{6823A56D-DDC6-4B70-B152-0D965D06C1A3} => F:\adobe-master-cs4-keygen.exe
Task: {5309CFE5-ED98-40BB-B579-0914BAE25204} - System32\Tasks\{A86CC31E-76A7-4341-89DD-75CE59D7457D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -c -runfromtemp -l0x0009 -uninst -removeonly
Task: {53DF5D7F-66C9-4DE1-AE88-D45C11632981} - System32\Tasks\{97AE6B8B-F48F-4D2B-8286-745C193C3C2C} => F:\adobe-master-cs4-keygen.exe
Task: {65A3F676-92BC-4873-9F12-6B183064BC8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {761F6C41-F669-4B38-AB34-C0E89AB3028A} - System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111} => pcalua.exe -a "C:\Program Files (x86)\Windows Live Safety Center\wlschost.exe" -c -Uninstall
Task: {7A746220-D1E7-4DE8-B7C1-2A98F0C76856} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {7B23C974-6F2B-4C8D-9E6B-2F4593FB6682} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {7B261AA9-7538-43ED-9927-C498780007AF} - System32\Tasks\ba30338763033876 => C:\Program Files (x86)\Cappuccinos\intravenous.exe
Task: {80BBF6EC-4102-4BBA-B843-3A55F21260AA} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {84F43933-098E-4187-BC12-ED32FB2D859B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-10-11] (McAfee, Inc.)
Task: {8AC9B359-2774-4C42-945D-96972DDDD3C2} - System32\Tasks\{A62FE67E-04F7-4FA7-ADAE-6AAE7C264E12} => F:\adobe-master-cs4-keygen.exe
Task: {9315B6A8-3E47-463E-9AEF-7CA62B1EEDC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {A100F944-0708-46F3-B701-70A612F256F7} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {A8C5C8E1-A339-4625-9317-2950683F350F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {D2D44C00-FD62-4039-AE4B-FA5E4BF9C508} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D92E1664-B5CB-4742-B020-DA5C814F91B3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {DB481021-DDF9-4603-B123-946F004563B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DCDC0242-F5FE-48C2-8944-D77046A0C242} - System32\Tasks\{B6493AA2-6DCF-4DB4-8540-1313591AD2B7} => F:\adobe-master-cs4-keygen.exe
Task: {E3E4A235-E952-40C3-85FC-2789F325AAE5} - System32\Tasks\bak3033876k3033876 => C:\Program Files (x86)\leander\leander.exe
Task: {EF3D6DEF-1AE9-4A8B-8A71-6114B5E4CBF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {F5ED44E4-7C17-4D17-AC67-BD0DA4B35077} - System32\Tasks\{420B1986-45F9-4D13-9576-68D05B728CDD} => F:\adobe-master-cs4-keygen.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2016-12-29 23:23 - 2016-10-25 05:08 - 00182784 _____ () C:\Program Files\PostgreSQL\9.6\bin\LIBPQ.dll
2009-08-21 13:55 - 2009-01-21 13:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-12-29 23:28 - 2016-08-01 05:29 - 02264576 _____ () C:\Program Files\PostgreSQL\9.6\bin\libxml2.dll
2016-12-31 15:19 - 2016-10-06 23:26 - 00197120 _____ () C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
2017-01-07 13:43 - 2017-01-11 17:44 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-10 13:06 - 2017-01-11 17:44 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-23 04:23 - 2010-03-15 00:58 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-11-27 12:55 - 2016-11-27 12:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2016-12-14 15:57 - 2016-12-08 03:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 15:57 - 2016-12-08 03:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-12 22:23 - 2017-01-12 22:23 - 00852798 _____ () C:\Users\venkat\Downloads\SecurityCheck.exe
2017-01-11 11:22 - 2017-01-11 11:22 - 31167576 _____ () C:\Users\venkat\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
2008-10-28 12:38 - 2008-10-28 12:38 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2008-10-28 12:38 - 2008-10-28 12:38 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2011-03-28 19:40 - 2006-05-25 15:20 - 00241664 _____ () C:\Program Files (x86) (x86)\Lexmark 3400 Series\iptk.dll
2017-01-09 13:37 - 2017-01-09 13:36 - 00204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
2016-11-27 12:55 - 2016-11-27 12:55 - 00021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\kuaiche.com -> hxxp://software.kuaiche.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEFE6630-389E-44DF-82F3-9485A7A6FD6A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{CD3BBA8F-D17B-418B-B56F-F8B2608FFAAB}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{3D774B82-31A0-4C83-881F-4A06ED7619BA}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{14C6C2AC-2EDB-4705-9A83-364F97376224}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{73288AF7-2806-4D81-A131-053D89D47F0C}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{47FC9419-5892-47CA-B917-915EA4362EA5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{9F022428-26EC-44CC-A40F-F6E7C0191156}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0C4814E0-119B-4F84-9444-7989C1985B37}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{F3DC371C-4528-494E-8DE9-5C35ED44EAD1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{46D10E6C-F4DC-4E78-9BCC-E9DAF8919A5F}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{F48B909D-B583-42E0-AF37-3197053845FA}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{7393CE50-32F0-48CC-A376-EC1B9F59E385}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{ADF450EF-2A82-4C17-AC44-006380307EC6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{01AD65CD-19EA-4FA8-A727-7F95AF4E8574}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DEE232A2-F0BE-4EB1-9E1C-0109C368E6EF}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{C5D0C97C-7162-477A-902E-C069810DF6C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{8662FEFB-4A27-4D64-A82D-73ABE4C1C88A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{6BF1A9AF-9E34-477A-8CF1-7B41546E1E47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17ED5779-2164-46E0-8E9F-01A66A91DCF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C4ED4A68-B3ED-4552-AC94-894659188A51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{BFCB4B69-A999-4840-8C2C-AE4A83A48F37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{FF52AFEB-0A7E-4049-8FA6-745427DC305F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EBB4F998-53A1-4361-AEAB-1CF260C6C585}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{68B26E8D-C2AF-40B9-8390-7F701DC8A6CA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{16C4A618-F814-4845-8A60-0B4ECD8E8A32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C7B04456-7990-43AA-B8F4-BB700129395B}] => (Allow) svchost.exe
FirewallRules: [{433D8BC5-FC16-444C-AF78-7A9630EC5976}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9D896ACF-4069-49CF-850B-E29E594015F9}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{954892B4-46AF-43D2-8FC4-F2A27ED3F2FE}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{C8BC2726-ACC8-4AB4-A3B9-00762493D0F6}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4FDCF821-2B16-45C3-9EA6-AE259B4E6764}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4E82F33F-C870-44BA-8642-4D75868180E8}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{C1828FFF-05CF-488B-A7CE-EA3E54888C6E}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{B6B4FE57-8DE8-473E-89BE-BA346E80B818}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{EAFC6447-CCF0-4ACB-A4DB-6128764B0CB5}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{4DDB8838-4FB0-4C42-B881-A0B0BA19E0FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{197BDDFC-5E69-4551-ACB7-10CF33684645}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{F7C17022-D05C-4358-B584-6EAFC61F0590}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [UDP Query User{370E9F8A-6264-4DB5-BB55-E45F3E8C9FC2}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [{E3D44FAE-A6D8-4378-AA27-F55F0DAF83C4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A6CA6B5-C57A-4F0D-8D20-474FF804A814}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{D378E215-5A71-4506-80FF-6FA1BBFF9645}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{8609C6CF-FC48-4942-9D81-AA44483D2804}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{EDA7D9FD-3485-41A7-BAC7-7308CDC798F6}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{7B6AE310-337D-4302-858F-EDFD2E2D8F24}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{2C0FE087-8539-4604-A7AD-492226CCA3A4}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{E4E5E4BE-AFB3-4BE3-B4DA-9F8A65AA78BB}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{CB34981A-B7C8-4CF5-B04D-DB2B898FCE79}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{94A7E039-4028-4F49-A11D-00E709D996C2}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{FF753986-7706-4B2C-A39C-9C96EB1FE880}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{8EA72A0D-BD79-4ED2-8BF5-4C2737B06E0E}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{729F16B0-117F-493A-B125-AE2D36AA2B2C}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{D5A1A7A3-074D-4010-8152-848D7772DA60}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{4B8026D1-DC47-4723-A2EB-5702476D268E}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{893F4CF6-6E71-4140-B976-65E37B87C634}] => (Allow) LPort=135
FirewallRules: [{4723771B-437C-4765-95FA-278C9E7E0455}] => (Allow) LPort=5000
FirewallRules: [{98FAB258-07BE-462B-BD2D-C99E621C7463}] => (Allow) LPort=5001
FirewallRules: [{337E4CE1-CD3D-414A-B956-5BCD0DDFA588}] => (Allow) LPort=5002
FirewallRules: [{D1B32D62-5643-44C2-8237-9ECEC69FA6F5}] => (Allow) LPort=5003
FirewallRules: [{AAB6F790-7E12-42B4-AA84-8B7D5DBBD127}] => (Allow) LPort=5004
FirewallRules: [{40505419-B36F-4ED9-99E1-333C30352BBE}] => (Allow) LPort=5005
FirewallRules: [{79F935B9-5F45-4749-B1E9-46B53833A916}] => (Allow) LPort=5006
FirewallRules: [{9B1C853D-5AF9-4398-8790-F33A30F41CC9}] => (Allow) LPort=5007
FirewallRules: [{7A7DD6BE-A3FD-466B-8AEF-B6EF42656EAA}] => (Allow) LPort=5008
FirewallRules: [{BF392420-ABB5-4021-A31B-11959EA4D6F4}] => (Allow) LPort=5009
FirewallRules: [{E4E85B71-49EE-4C9E-8386-FFA06766BB02}] => (Allow) LPort=5010
FirewallRules: [{79C52F32-7ABB-4A07-8B95-763A4AA511AD}] => (Allow) LPort=5011
FirewallRules: [{F746FA93-DB05-42A5-8AEC-F2ED445AB863}] => (Allow) LPort=5012
FirewallRules: [{98EC8327-FA6C-4DCC-AA5B-F2BBF58BCE12}] => (Allow) LPort=5013
FirewallRules: [{24D4CA68-6B12-417E-955A-8F05673BDD37}] => (Allow) LPort=5014
FirewallRules: [{E5D31E9E-DFFD-4A4B-A73B-E7D856740894}] => (Allow) LPort=5015
FirewallRules: [{39F739A5-8154-4D47-9F08-AF4D754ED623}] => (Allow) LPort=5016
FirewallRules: [{A4C08BDE-D1AA-48A8-A116-8662DD488E14}] => (Allow) LPort=5017
FirewallRules: [{D2A12F58-F605-4230-90FB-6856FDD8CA2C}] => (Allow) LPort=5018
FirewallRules: [{ACD18103-2A45-435F-BB0A-35DC7EB216BE}] => (Allow) LPort=5019
FirewallRules: [{D515A646-46D6-45B5-8D82-ABE09399B6A3}] => (Allow) LPort=5020
FirewallRules: [{90D50485-A642-4384-B7FA-98D91C227441}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{5790F44F-371D-45A6-89D7-52200AE8ED1F}] => (Allow) C:\Users\venkat\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{27E47AA8-1635-451E-9B12-6D3B39F0FB7C}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0E8E89E2-E554-4C77-8774-25C0619E5E1A}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8873BAFF-3CE1-4F6C-8D2F-D41F2A936F60}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A845098-E8BF-4FB5-879E-ABDC2EAA4C24}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{01222CD2-A8E5-47D6-8622-79FB6885A97B}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BE191360-1E8D-40FC-A910-673F07745296}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1267A1C0-8A4B-490B-8BF2-CDD32655589E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{8AF4AB71-B2CC-46DE-8C86-4D9D2A8BD1B3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{3A2BE009-AD59-49F2-8788-61AE5F20B5DC}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{3CE1E5FE-7010-4290-96EE-2B1B9E36D19F}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{440517F2-B7C1-4770-878B-D163BBE82A9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6409F507-F069-48F1-8982-0846FE9C5906}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [UDP Query User{75C98348-52DF-4811-A14D-4D76A1CE13E7}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [TCP Query User{D5D0CA2B-67BE-46FB-9633-8327688037E0}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{00EDC32E-363B-4443-87C3-29495E6499D4}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{69ED8510-C0D7-4FE0-9B70-4C47219A27EB}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
FirewallRules: [UDP Query User{5223A622-1565-4093-89D5-AFD8738D2ED2}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
FirewallRules: [{D08B1B32-C4FB-4D27-B443-9CD2A71F6697}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮攮數
FirewallRules: [{2D129E07-FBFD-415B-AEFA-6D23C757F0D2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮⹟硥e
FirewallRules: [{D0BF5994-3AF8-417C-B83D-B0EF6E90D9DF}] => (Allow) C:\Program Files (x86)\Mutilated\intravenous.exe
FirewallRules: [{D7699F0F-66C1-4743-9E77-58E03F0CC99E}] => (Allow) C:\Program Files (x86)\Cappuccinos\intravenous.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2017 09:42:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.865, time stamp: 0x584ee8a0
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a1dc
Exception code: 0xc0000005
Fault offset: 0x00192cf1
Faulting process id: 0x11b0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Apoorva-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Apoorva-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Apoorva-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\venkat\ntuser.dat

Error: (01/10/2017 01:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.865, time stamp: 0x584ee8a0
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a1dc
Exception code: 0xc0000005
Fault offset: 0x00192cf1
Faulting process id: 0xb60
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/10/2017 04:33:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x000000000033eabe
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/09/2017 09:10:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x000000000033e4c8
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/09/2017 06:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: intravenous.exe, version: 1.0.0.0, time stamp: 0x586e06e5
Faulting module name: Flash64_24_0_0_186.ocx, version: 24.0.0.186, time stamp: 0x584c950f
Exception code: 0xc0000005
Fault offset: 0x0000000000032d5e
Faulting process id: 0x%9
Faulting application start time: 0xintravenous.exe0
Faulting application path: intravenous.exe1
Faulting module path: intravenous.exe2
Report Id: intravenous.exe3

Error: (01/09/2017 11:11:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.865, time stamp: 0x584ee77c
Faulting module name: mbamtray.exe, version: 3.0.0.865, time stamp: 0x584ee77c
Exception code: 0xc0000005
Fault offset: 0x0000486b
Faulting process id: 0x1258
Faulting application start time: 0xmbamtray.exe0
Faulting application path: mbamtray.exe1
Faulting module path: mbamtray.exe2
Report Id: mbamtray.exe3


System errors:
=============
Error: (01/12/2017 10:01:28 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 4) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/12/2017 09:59:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.235.70.0

Update Source: %NT AUTHORITY59

Update Stage: 4.10.209.00

Source Path: 4.10.209.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (01/12/2017 09:59:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (01/12/2017 09:24:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee CSP Service service failed to start due to the following error:
%%2

Error: (01/12/2017 09:24:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (01/12/2017 09:22:31 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 4) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/12/2017 09:22:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Module Core Service service failed to start due to the following error:
%%2

Error: (01/12/2017 09:22:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Service Controller service failed to start due to the following error:
%%2

Error: (01/12/2017 09:22:27 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Boot Delay Start Service service depends the following service: mfevtp. This service might not be installed.

Error: (01/12/2017 09:22:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxcy_device service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
Date: 2017-01-10 21:10:23.723
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-10 21:10:23.520
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-10 19:39:08.708
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:38.264
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:35.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:35.612
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.148
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.
 
==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 75%
Total physical RAM: 3999.19 MB
Available physical RAM: 965.32 MB
Total Virtual: 7996.56 MB
Available Virtual: 2966.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.41 GB) (Free:113.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.49 GB) (Free:2.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 098B9E73)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by venkat (2017-01-12 23:07:25) Run:2
Running from C:\Users\venkat\Desktop\New folder
Loaded Profiles: venkat (Available Profiles: Apoorva & venkat)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2017-01-05 12:46 - 2017-01-12 21:59 - 00000000 ___HD C:\Program Files (x86)\Cappuccinos
2017-01-05 12:46 - 2017-01-12 21:41 - 00000000 ___HD C:\Program Files (x86)\Mutilated
2017-01-12 22:02 - 2017-01-12 22:02 - 0000000 _____ () C:\Users\venkat\AppData\Local\AtStart.txt
2017-01-12 22:02 - 2017-01-12 22:02 - 0000000 _____ () C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-12 22:02 - 2017-01-12 22:02 - 0000000 _____ () C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-12 22:02 - 2017-01-12 22:02 - 0000290 _____ () C:\ProgramData\hpqp.ini
2017-01-12 21:38 - 2017-01-12 22:52 - 0006067 _____ () C:\ProgramData\HPWALog.txt
Task: {7B261AA9-7538-43ED-9927-C498780007AF} - System32\Tasks\ba30338763033876 => C:\Program Files (x86)\Cappuccinos\intravenous.exe
FirewallRules: [{D0BF5994-3AF8-417C-B83D-B0EF6E90D9DF}] => (Allow) C:\Program Files (x86)\Mutilated\intravenous.exe
FirewallRules: [{D7699F0F-66C1-4743-9E77-58E03F0CC99E}] => (Allow) C:\Program Files (x86)\Cappuccinos\intravenous.exe
FirewallRules: [{D08B1B32-C4FB-4D27-B443-9CD2A71F6697}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮攮數
FirewallRules: [{2D129E07-FBFD-415B-AEFA-6D23C757F0D2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜獩牣慥楴湯畯楲潮䵜獩牣慥楴湯畯楲潮⹟硥e
*****************

C:\Program Files (x86)\Cappuccinos => moved successfully
C:\Program Files (x86)\Mutilated => moved successfully
C:\Users\venkat\AppData\Local\AtStart.txt => moved successfully
C:\Users\venkat\AppData\Local\DSwitch.txt => moved successfully
C:\Users\venkat\AppData\Local\QSwitch.txt => moved successfully
C:\ProgramData\hpqp.ini => moved successfully
C:\ProgramData\HPWALog.txt => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B261AA9-7538-43ED-9927-C498780007AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B261AA9-7538-43ED-9927-C498780007AF}" => key removed successfully
C:\Windows\System32\Tasks\ba30338763033876 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ba30338763033876" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0BF5994-3AF8-417C-B83D-B0EF6E90D9DF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7699F0F-66C1-4743-9E77-58E03F0CC99E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D08B1B32-C4FB-4D27-B443-9CD2A71F6697} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D129E07-FBFD-415B-AEFA-6D23C757F0D2} => value removed successfully

==== End of Fixlog 23:07:28 ====
 
I want to understand how long the security check takes. If this takes about 3 to 4 hours I will leave it running and share the log tomorrow morning.
 
Very good :)
Sorry for the confusion.

Now you can proceed with the last steps listed previously.
The first two scans should be instant.
TFC will take 5-10 minutes.
Sophos will take a while.
 
System check has really been stuck for some time now. It has been showing "Performing System Health Check" for 30 minutes now.
 
It shouldn't be like that.
Restart the computer and try again.
If it doesn't complete in a couple of minutes, skip it.
 
I rebooted but still have the same issue. I believe that has something to do with the defragmentation; if so, it would surely take some time, on my system at least. So I am leaving that to complete and did the 2nd step, FSS.

Farbar Service Scanner Version: 27-01-2016
Ran by venkat (administrator) on 13-01-2017 at 00:12:23
Running from "C:\Users\venkat\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Sophos says my computer is clean after running for 10 hours. Not sure what happened to Security Check; I left my laptop running overnight and it had disappeared when I checked it in the morning.

One thing is, Chrome is still showing a different search engine than Google (set by me) whenever I open a new tab. Just like below:

o4K4ptP.png
 
I just cleaned Chrome and reinstalled it. Looks like it is clear now. But there is some uneven CPU usage even when nothing is open; while using Chrome, it sometimes hangs for 7 to 10 secs. Below is an image of this with just Malwarebytes checking for updates and nothing else open. After all the clean-ups, I am planning to install Tableau on this laptop for my learning. This may cause slowness for sure.
phahXjc.png
 
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double-click on procexp.exe to run the program.
NOTE: Windows Vista, 7 and 8 users: right-click on procexp.exe and click "Run As Administrator".
Click on View > Select Columns.
In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Paste the content into your next reply.
 
Process CPU Private Bytes Working Set PID Description Company Name Command Line
System Idle Process < 0.01 0 K 24 K 0
System 1.13 292 K 8,132 K 4
Interrupts 1.54 0 K 0 K n/a Hardware Interrupts and DPCs
smss.exe 432 K 320 K 280 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe < 0.01 2,408 K 2,112 K 380 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
conhost.exe 872 K 488 K 1384 Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe "890724651-1217326092205610044420253409831322301429-1786893878-1712603863-838508959
conhost.exe < 0.01 1,132 K 360 K 1112 Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe "252610644-825026356-1444084548238033382-716228249150492981-2110398118-1513871978
wininit.exe 1,460 K 732 K 424 Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 5,964 K 5,232 K 476 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 0.04 4,296 K 4,284 K 644 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
WmiPrvSE.exe 5,532 K 6,392 K 2828 WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
HpqToaster.exe 2,148 K 1,888 K 2712 HpqToaster Module "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
svchost.exe 4,936 K 5,844 K 728 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
MsMpEng.exe 8.99 124,612 K 100,924 K 800 Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
svchost.exe 0.04 17,188 K 9,772 K 900 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 16,068 K 16,272 K 3636 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x38c
svchost.exe 0.24 161,220 K 151,524 K 940 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
wlanext.exe 2,236 K 2,632 K 1372 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation C:\Windows\system32\WLANExt.exe 4087808
dwm.exe 3.16 55,324 K 34,632 K 1052 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe < 0.01 7,460 K 9,048 K 968 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 43.41 1,228,860 K 663,164 K 992 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 1,904 K 2,052 K 3212 Task Scheduler Engine Microsoft Corporation taskeng.exe {39AE03E2-AD27-496E-94DD-39EE2B4294EC}
taskeng.exe 1,920 K 1,904 K 3336 Task Scheduler Engine Microsoft Corporation taskeng.exe {6D26D069-4F9F-4BE1-8EE4-A2FD9FDA3053}
svchost.exe < 0.01 28,420 K 26,496 K 1260 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
spoolsv.exe 6,532 K 2,428 K 1428 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
svchost.exe 14,828 K 10,920 K 1460 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 4,164 K 2,328 K 1632 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
svchost.exe 1,320 K 444 K 1668 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k HsfXAudioService
LSSrvc.exe 1,204 K 368 K 1808 LightScribe Service Hewlett-Packard Company "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
PEFService.exe 1,652 K 1,336 K 1904 Intel Security PEF Service Intel Security, Inc. "C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe"
pg_ctl.exe 2,052 K 448 K 1940 pg_ctl - starts/stops/restarts the PostgreSQL server PostgreSQL Global Development Group "C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe" runservice -N "postgresql-x64-9.6" -D "C:\Program Files\PostgreSQL\9.6\data" -w
postgres.exe 3,432 K 2,432 K 376 PostgreSQL Server PostgreSQL Global Development Group "C:\Program Files\PostgreSQL\9.6\bin\postgres.exe" -D "C:\Program Files\PostgreSQL\9.6\data"
postgres.exe 3,044 K 720 K 1608 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forklog" "1120" "1116"
postgres.exe 3,008 K 1,460 K 1916 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkboot" "1252" "-x4"
postgres.exe 3,288 K 1,688 K 1820 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkavlauncher" "1268"
postgres.exe < 0.01 3,012 K 948 K 1856 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkboot" "1268" "-x3"
postgres.exe 3,012 K 904 K 1960 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkboot" "1252" "-x5"
postgres.exe < 0.01 3,008 K 1,268 K 2024 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkcol" "1252"
RichVideo.exe 1,200 K 672 K 1992 RichVideo Module "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
SeaPort.exe 3,920 K 744 K 2032 Microsoft SeaPort Search Enhancement Broker Microsoft Corporation "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
teampostgresql-service.exe 1,236 K 316 K 1776 "C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe"
teampostgresql-service.exe 0.04 93,528 K 11,032 K 1872 "C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe" "TeamPostgreSQL Service" __i4j_restart
vmnat.exe < 0.01 1,352 K 640 K 2044 VMware NAT Service VMware, Inc. C:\Windows\SysWOW64\vmnat.exe
vmnetdhcp.exe 1,184 K 508 K 2060 VMware VMnet DHCP service VMware, Inc. C:\Windows\SysWOW64\vmnetdhcp.exe
MBAMService.exe 0.93 294,476 K 227,004 K 2104 Malwarebytes Service Malwarebytes "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
vmware-authd.exe 5,192 K 1,836 K 2204 VMware Authorization Service VMware, Inc. "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
NisSrv.exe 15,020 K 8,280 K 2820 Microsoft Network Realtime Inspection Service Microsoft Corporation "c:\Program Files\Microsoft Security Client\NisSrv.exe"
taskhost.exe 9,376 K 7,296 K 4076 Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
SearchIndexer.exe 6.32 38,788 K 16,956 K 3976 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
HPSupportSolutionsFrameworkService.exe < 0.01 44,852 K 9,052 K 3956 HP Support Solutions Framework Service Hewlett-Packard Company "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
svchost.exe 2,044 K 1,820 K 824 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
Com4QLBEx.exe 1,300 K 848 K 1760 Com for QLB application Hewlett-Packard Development Company, L.P. "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
svchost.exe 1,456 K 1,780 K 3496 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k SDRSVC
msiexec.exe < 0.01 10,548 K 24,840 K 3696 Windows® installer Microsoft Corporation C:\Windows\system32\msiexec.exe /V
msiexec.exe 2,284 K 6,872 K 1440 Windows® installer Microsoft Corporation C:\Windows\syswow64\MsiExec.exe -Embedding 4DA49922D0C117B1C90C5E3276817186 A
UninstallHPSA.exe 35.04 19,772 K 23,040 K 4512 HP Support Assistant Uninstaller Hewlett-Packard Company "C:\ProgramData\Hewlett-Packard\UninstallHPSA.exe" /ProductCode {78E2C850-ADA6-420D-BA35-2F4A9BE733CC}
VSSVC.exe 2,096 K 6,448 K 4752 Microsoft® Volume Shadow Copy Service Microsoft Corporation C:\Windows\system32\vssvc.exe
svchost.exe 1,556 K 4,844 K 4932 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k swprv
TrustedInstaller.exe 30,872 K 40,008 K 4116 Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
lsass.exe 0.01 4,424 K 5,964 K 500 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 2,472 K 1,828 K 508 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 0.53 3,060 K 28,876 K 444 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 2,756 K 672 K 572 Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 0.52 58,384 K 53,852 K 2264 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
SynTPEnh.exe 0.46 3,628 K 3,052 K 3216 Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
SynTPHelper.exe 1,184 K 584 K 2588 Synaptics Pointing Device Helper Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
cAudioFilterAgent64.exe 2,104 K 1,852 K 3244 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. "C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
jusched.exe 1,464 K 792 K 1716 Java(TM) Platform SE binary Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jusched.exe"
hkcmd.exe 2,944 K 1,556 K 3332 hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
igfxpers.exe 2,316 K 2,784 K 3480 persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
msseces.exe 5,932 K 1,776 K 3616 Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
chrome.exe 0.05 99,404 K 141,088 K 4880 Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
chrome.exe 3,104 K 6,884 K 4364 Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\venkat\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=55.0.2883.87 --handshake-handle=0x144
chrome.exe 3,536 K 8,532 K 4360 Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=600 --on-initialized-event-handle=496 --parent-handle=500 /prefetch:6
chrome.exe 67,556 K 66,800 K 4824 Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=6,14,16,17,18,21,37,54,65 --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2202 --gpu-driver-date=8-25-2010 --gpu-secondary-vendor-ids=0x8086 --gpu-secondary-device-ids=0x2a43 --service-request-channel-token=DD8CE24C7AF8AA5F5C8A134B865504CE --mojo-platform-channel-handle=1156 --ignored=" --type=renderer " /prefetch:2
chrome.exe 57,604 K 64,220 K 3328 Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --primordial-pipe-token=E8A2E0B3B62F221763F1F78043D1D23A --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,parseHTMLOnMainThreadCoalesceChunks=false,parseHTMLOnMainThreadSyncTokenize=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1
chrome.exe 0.01 133,056 K 137,900 K 4720 Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --primordial-pipe-token=748F23296218AAB369729D1F5976726D --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,parseHTMLOnMainThreadCoalesceChunks=false,parseHTMLOnMainThreadSyncTokenize=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1
chrome.exe 0.23 398,664 K 415,760 K 216 Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --primordial-pipe-token=309620CABB6C0AC4B7C93D915648DF74 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,parseHTMLOnMainThreadCoalesceChunks=false,parseHTMLOnMainThreadSyncTokenize=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1
chrome.exe 0.30 113,644 K 134,552 K 2784 Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DisableFirstRunAutoImport<DisableFirstRunAutoImport,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,*MediaFoundationH264Encoding<MediaFoundationH264Encoding,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,*PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup 
--force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Disabled/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisableFirstRunAutoImport/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Default/*InstanceID/Enabled/*MediaFoundationH264Encoding/Default/*MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OfferUploadCreditCards/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/EnabledInMemory/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Default/*SiteIsolationExtensions/Control/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Control/TranslateServerStudy/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_04/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-U
niformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=9B2B1596047C9A3301AE24CB94EF2D16 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,parseHTMLOnMainThreadCoalesceChunks=false,parseHTMLOnMainThreadSyncTokenize=false --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,
chrome.exe 0.27 27,340 K 34,572 K 4192 Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --ppapi-flash-args --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --service-request-channel-token=328226D98A6A44D3E3C299D3290373F3 --mojo-platform-channel-handle=2608 --ignored=" --type=renderer " /prefetch:3
procexp64.exe 4.96 22,204 K 38,532 K 3516 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\venkat\Downloads\procexp64.exe"
QPService.exe 5,044 K 4,736 K 744 HP QuickPlay Resident Program CyberLink Corp. "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
QLBCtrl.exe 3,408 K 4,500 K 2368 Quick Launch Buttons Hewlett-Packard Development Company, L.P. "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
HPWAMain.exe 32,068 K 11,900 K 1796 HP Wireless Assistant Main Program Hewlett-Packard Company "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
ezprint.exe 0.01 4,848 K 1,792 K 3416 Lexmark Fast Pics Application Lexmark International Inc. "C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe"
jusched.exe 1,092 K 344 K 3536 Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
hpwuschd2.exe 920 K 828 K 3376 hpwuSchd Application Hewlett-Packard "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
 
I believe the junk is cleaned out of my laptop, but I thought of running RogueKiller once to see no threats, but it still found 2 PUMs.

Please check this once.

RogueKiller V12.9.2.0 (x64) [Jan 9 2017] (Free) by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : venkat [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/13/2017 17:03:41 (Duration : 01:41:35)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 5b082a1f5ebf8c17b16cd18ce6fbe194
[BSP] 8897752b5ea6c545723591784672d3df : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 292259 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 598956032 | Size: 12785 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Those are not important.
However your CPU usage is extremely high.
I see Chrome running there.
Not sure if that's the culprit, but make sure you close all running programs, re-run PE and post a fresh log.
 
Process CPU Private Bytes Working Set PID Description Company Name Command Line
System Idle Process 41.62 0 K 24 K 0
System 0.25 292 K 8,172 K 4
Interrupts 0.95 0 K 0 K n/a Hardware Interrupts and DPCs
smss.exe 432 K 320 K 280 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe < 0.01 2,408 K 2,172 K 380 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
conhost.exe 872 K 488 K 1384 Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe "890724651-1217326092205610044420253409831322301429-1786893878-1712603863-838508959
conhost.exe < 0.01 1,132 K 360 K 1112 Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe "252610644-825026356-1444084548238033382-716228249150492981-2110398118-1513871978
wininit.exe 1,460 K 728 K 424 Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 5,860 K 5,268 K 476 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 0.07 4,200 K 4,284 K 644 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
WmiPrvSE.exe 5,700 K 5,232 K 2828 WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
HpqToaster.exe 2,148 K 1,656 K 2712 HpqToaster Module "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
svchost.exe 0.01 4,936 K 5,672 K 728 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
MsMpEng.exe 1.05 124,708 K 94,520 K 800 Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
svchost.exe 17,156 K 9,768 K 900 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 16,096 K 16,288 K 3648 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x7b0
svchost.exe < 0.01 156,060 K 138,568 K 940 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
wlanext.exe 2,236 K 2,380 K 1372 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation C:\Windows\system32\WLANExt.exe 4087808
dwm.exe 1.13 58,656 K 24,868 K 1052 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 7,224 K 8,148 K 968 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 48.30 1,198,324 K 105,096 K 992 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 1,960 K 2,060 K 3212 Task Scheduler Engine Microsoft Corporation taskeng.exe {39AE03E2-AD27-496E-94DD-39EE2B4294EC}
taskeng.exe 1,972 K 1,896 K 3336 Task Scheduler Engine Microsoft Corporation taskeng.exe {6D26D069-4F9F-4BE1-8EE4-A2FD9FDA3053}
svchost.exe < 0.01 28,828 K 23,128 K 1260 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
spoolsv.exe < 0.01 6,532 K 2,416 K 1428 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
svchost.exe < 0.01 14,844 K 9,348 K 1460 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe < 0.01 5,616 K 4,908 K 1632 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
svchost.exe 1,320 K 444 K 1668 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k HsfXAudioService
LSSrvc.exe 1,204 K 368 K 1808 LightScribe Service Hewlett-Packard Company "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
PEFService.exe < 0.01 1,652 K 1,340 K 1904 Intel Security PEF Service Intel Security, Inc. "C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe"
pg_ctl.exe 2,052 K 448 K 1940 pg_ctl - starts/stops/restarts the PostgreSQL server PostgreSQL Global Development Group "C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe" runservice -N "postgresql-x64-9.6" -D "C:\Program Files\PostgreSQL\9.6\data" -w
postgres.exe 3,432 K 2,432 K 376 PostgreSQL Server PostgreSQL Global Development Group "C:\Program Files\PostgreSQL\9.6\bin\postgres.exe" -D "C:\Program Files\PostgreSQL\9.6\data"
postgres.exe 3,044 K 720 K 1608 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forklog" "1120" "1116"
postgres.exe 3,008 K 1,456 K 1916 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkboot" "1252" "-x4"
postgres.exe 3,288 K 1,680 K 1820 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkavlauncher" "1268"
postgres.exe 3,012 K 948 K 1856 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkboot" "1268" "-x3"
postgres.exe 3,012 K 904 K 1960 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkboot" "1252" "-x5"
postgres.exe 3,008 K 1,264 K 2024 PostgreSQL Server PostgreSQL Global Development Group "C:/Program Files/PostgreSQL/9.6/bin/postgres.exe" "--forkcol" "1252"
RichVideo.exe 1,200 K 672 K 1992 RichVideo Module "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
SeaPort.exe 3,920 K 740 K 2032 Microsoft SeaPort Search Enhancement Broker Microsoft Corporation "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
teampostgresql-service.exe 1,236 K 316 K 1776 "C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe"
teampostgresql-service.exe 0.05 93,528 K 5,424 K 1872 "C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe" "TeamPostgreSQL Service" __i4j_restart
vmnat.exe < 0.01 1,352 K 640 K 2044 VMware NAT Service VMware, Inc. C:\Windows\SysWOW64\vmnat.exe
vmnetdhcp.exe 1,184 K 508 K 2060 VMware VMnet DHCP service VMware, Inc. C:\Windows\SysWOW64\vmnetdhcp.exe
MBAMService.exe 0.27 301,844 K 224,956 K 2104 Malwarebytes Service Malwarebytes "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
vmware-authd.exe 2.20 5,192 K 1,824 K 2204 VMware Authorization Service VMware, Inc. "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
NisSrv.exe 16,816 K 11,128 K 2820 Microsoft Network Realtime Inspection Service Microsoft Corporation "c:\Program Files\Microsoft Security Client\NisSrv.exe"
taskhost.exe < 0.01 12,472 K 8,680 K 4076 Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
SearchIndexer.exe < 0.01 40,512 K 20,084 K 3976 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe 0.01 3,040 K 8,068 K 4848 Microsoft Windows Search Protocol Host Microsoft Corporation "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
SearchFilterHost.exe 0.01 2,616 K 6,376 K 1164 Microsoft Windows Search Filter Host Microsoft Corporation "C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
HPSupportSolutionsFrameworkService.exe < 0.01 44,856 K 7,340 K 3956 HP Support Solutions Framework Service Hewlett-Packard Company "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
svchost.exe < 0.01 2,040 K 1,788 K 824 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
Com4QLBEx.exe 1,300 K 780 K 1760 Com for QLB application Hewlett-Packard Development Company, L.P. "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
svchost.exe < 0.01 1,452 K 1,748 K 3496 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k SDRSVC
lsass.exe 0.64 4,416 K 6,004 K 500 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 0.11 2,580 K 1,880 K 508 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 0.18 3,040 K 13,028 K 444 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 2,756 K 672 K 572 Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 0.05 50,652 K 58,248 K 2264 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
SynTPEnh.exe 0.35 3,628 K 3,124 K 3216 Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
SynTPHelper.exe 1,184 K 568 K 2588 Synaptics Pointing Device Helper Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
cAudioFilterAgent64.exe 2,192 K 1,884 K 3244 Conexant High Definition Audio Filter Agent Conexant Systems, Inc. "C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
jusched.exe 1,464 K 732 K 1716 Java(TM) Platform SE binary Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jusched.exe"
hkcmd.exe 2,944 K 1,496 K 3332 hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
igfxpers.exe < 0.01 2,292 K 2,740 K 3480 persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
msseces.exe 5,932 K 2,016 K 3616 Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
procexp64.exe 2.74 18,992 K 35,048 K 1520 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\venkat\Desktop\ProcessExplorer\procexp64.exe"
QPService.exe 5,044 K 4,308 K 744 HP QuickPlay Resident Program CyberLink Corp. "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
QLBCtrl.exe 3,408 K 4,368 K 2368 Quick Launch Buttons Hewlett-Packard Development Company, L.P. "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
HPWAMain.exe 32,072 K 10,680 K 1796 HP Wireless Assistant Main Program Hewlett-Packard Company "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
ezprint.exe 4,848 K 1,632 K 3416 Lexmark Fast Pics Application Lexmark International Inc. "C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe"
jusched.exe 1,092 K 344 K 3536 Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
hpwuschd2.exe 920 K 820 K 3376 hpwuSchd Application Hewlett-Packard "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
 
The log looks better but not good enough. CPU usage is still around 50%.
Main culprit - svchost.exe 48.30%
Something is not right.

Can you give me fresh FRST logs?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by venkat (administrator) on APOORVA-PC (13-01-2017 22:52:41)
Running from C:\Users\venkat\Desktop\New folder
Loaded Profiles: venkat (Available Profiles: Apoorva & venkat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
() C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
(Lexmark International Inc.) C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [lxcymon.exe] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe [291496 2009-05-01] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe [82600 2009-05-01] (Lexmark International Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2122AD89-0CB0-42C3-A5A6-4543E492E6B1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\venkat\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22] (Trend Media Group)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\venkat\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011-02-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} [2011-12-27]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-11-29]

Chrome:
=======
CHR Profile: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-13]
CHR Extension: (Google Docs) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-13]
CHR Extension: (Google Drive) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-13]
CHR Extension: (YouTube) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-13]
CHR Extension: (Ebates Cash Back) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-01-13]
CHR Extension: (Google Sheets) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-13]
CHR Extension: (AdBlock) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-13]
CHR Extension: (Gmail) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-25] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 postgresql-x64-9.6; C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe [94720 2016-10-25] (PostgreSQL Global Development Group) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 TeamPostgreSQL Service; C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe [197120 2016-10-06] () [File not signed]
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2008-10-02] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-01-11] ()
R3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [18432 2009-04-29] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-10] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-13] (Malwarebytes)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 22:15 - 2017-01-13 22:18 - 00000000 ____D C:\Users\venkat\Desktop\ProcessExplorer
2017-01-13 21:51 - 2017-01-13 21:51 - 01932769 _____ C:\Users\venkat\Downloads\ProcessExplorer.zip
2017-01-13 19:07 - 2017-01-13 19:07 - 00003376 _____ C:\Users\venkat\Desktop\rk_5A32.tmp.txt
2017-01-13 16:44 - 2017-01-13 16:44 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-13 16:44 - 2017-01-13 16:44 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-13 16:38 - 2017-01-13 16:41 - 00000000 ____D C:\Users\venkat\AppData\Local\Deployment
2017-01-13 16:38 - 2017-01-13 16:38 - 00000000 ____D C:\Users\venkat\AppData\Local\Apps\2.0
2017-01-13 15:57 - 2017-01-13 16:10 - 00005767 _____ C:\ProgramData\hpzinstall.log
2017-01-13 15:37 - 2017-01-13 15:37 - 00001413 _____ C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-13 14:59 - 2017-01-13 14:59 - 00003560 ____N C:\bootsqm.dat
2017-01-13 11:03 - 2017-01-13 11:03 - 00110511 _____ C:\Users\venkat\Desktop\bookmarks_1_13_17.html
2017-01-13 11:00 - 2017-01-13 11:00 - 00007616 _____ C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2017-01-13 00:34 - 2017-01-13 00:34 - 00000000 ____D C:\ProgramData\Sophos
2017-01-13 00:33 - 2017-01-13 00:33 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-13 00:33 - 2017-01-13 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-13 00:32 - 2017-01-13 00:32 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-13 00:12 - 2017-01-13 00:12 - 00002969 _____ C:\Users\venkat\Downloads\FSS.txt
2017-01-13 00:00 - 2017-01-13 22:49 - 00000290 _____ C:\ProgramData\hpqp.ini
2017-01-13 00:00 - 2017-01-13 00:00 - 00000000 _____ C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 00000000 _____ C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 00000000 _____ C:\Users\venkat\AppData\Local\AtStart.txt
2017-01-12 23:30 - 2017-01-12 23:31 - 160346656 _____ (Sophos Limited) C:\Users\venkat\Downloads\Sophos Virus Removal Tool.exe
2017-01-12 23:29 - 2017-01-12 23:29 - 00899584 _____ (Farbar) C:\Users\venkat\Downloads\FSS.exe
2017-01-12 23:29 - 2017-01-12 23:29 - 00448512 _____ (OldTimer Tools) C:\Users\venkat\Downloads\TFC.exe
2017-01-12 22:23 - 2017-01-12 22:23 - 00852798 _____ C:\Users\venkat\Downloads\SecurityCheck.exe
2017-01-12 09:34 - 2017-01-13 22:52 - 00000000 ____D C:\Users\venkat\Desktop\New folder
2017-01-11 13:13 - 2017-01-11 13:13 - 00000178 _____ C:\lxcy.log
2017-01-11 11:41 - 2017-01-11 11:41 - 00013825 _____ C:\Users\venkat\Desktop\iexplore - Shortcut.lnk
2017-01-10 21:19 - 2017-01-10 21:19 - 00025133 _____ C:\ComboFix.txt
2017-01-10 20:42 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-10 20:42 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-10 20:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-10 20:41 - 2017-01-10 21:19 - 00000000 ____D C:\Qoobox
2017-01-10 20:41 - 2017-01-10 21:16 - 00000000 ____D C:\Windows\erdnt
2017-01-10 20:33 - 2017-01-10 20:34 - 05659315 ____R (Swearware) C:\Users\venkat\Desktop\ComboFix.exe
2017-01-10 15:57 - 2017-01-10 15:58 - 00425069 _____ C:\Users\venkat\Downloads\EAd.zip
2017-01-10 15:47 - 2017-01-10 15:48 - 01663040 _____ (Malwarebytes) C:\Users\venkat\Downloads\JRT.exe
2017-01-10 14:43 - 2017-01-10 15:07 - 00000000 ____D C:\AdwCleaner
2017-01-10 14:42 - 2017-01-10 14:43 - 03988944 _____ C:\Users\venkat\Downloads\AdwCleaner.exe
2017-01-10 13:34 - 2017-01-10 13:34 - 00042552 _____ C:\Users\venkat\Desktop\Malwarebytes fix.txt
2017-01-10 13:07 - 2017-01-13 22:50 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-10 13:07 - 2017-01-13 22:50 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-10 13:07 - 2017-01-13 22:50 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-10 13:07 - 2017-01-13 22:50 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-10 13:07 - 2017-01-10 13:07 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-10 13:06 - 2017-01-12 09:42 - 00000000 ____D C:\Users\venkat\AppData\Local\CrashDumps
2017-01-10 13:06 - 2017-01-11 17:44 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-10 13:06 - 2017-01-10 13:45 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 13:06 - 2017-01-10 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 05:18 - 2017-01-10 05:19 - 54199488 _____ (Malwarebytes ) C:\Users\venkat\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-09 20:39 - 2017-01-13 17:03 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-09 20:33 - 2017-01-10 05:04 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-09 20:28 - 2017-01-09 20:30 - 34710200 _____ (Adlice Software ) C:\Users\venkat\Downloads\RogueKiller setup.exe
2017-01-09 12:42 - 2017-01-09 13:24 - 00054237 _____ C:\Users\venkat\Downloads\Addition.txt
2017-01-09 11:16 - 2017-01-09 13:24 - 00057684 _____ C:\Users\venkat\Downloads\FRST.txt
2017-01-08 23:06 - 2017-01-08 23:06 - 00006628 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx.txt
2017-01-08 22:38 - 2017-01-08 22:42 - 00054677 _____ C:\Users\venkat\Downloads\Addition_bkp.txt
2017-01-08 22:32 - 2017-01-08 22:39 - 00003313 _____ C:\Users\venkat\Desktop\My Portfolio.csv
2017-01-08 22:29 - 2017-01-08 22:42 - 00059147 _____ C:\Users\venkat\Downloads\FRST_bkp.txt
2017-01-08 22:23 - 2017-01-13 22:52 - 00000000 ____D C:\FRST
2017-01-08 21:39 - 2017-01-08 21:40 - 02193920 _____ (Farbar) C:\Users\venkat\Downloads\FRST64.exe
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-07 13:27 - 2017-01-07 13:27 - 00003156 _____ C:\Windows\System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111}
2017-01-06 16:25 - 2017-01-06 16:25 - 00001945 _____ C:\Windows\epplauncher.mif
2017-01-06 16:24 - 2017-01-06 16:24 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-01-06 16:23 - 2017-01-06 16:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-01-06 16:23 - 2017-01-06 16:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-01-05 17:38 - 2017-01-10 20:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-05 17:00 - 2017-01-05 18:18 - 00000034 _____ C:\Users\venkat\Desktop\MCafee SR#.txt
2017-01-05 12:46 - 2017-01-05 12:46 - 00003642 _____ C:\Windows\System32\Tasks\bak3033876k3033876
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\wells
2017-01-05 12:44 - 2017-01-05 12:44 - 00000000 ____D C:\Users\venkat\AppData\Local\CEF
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ C:\Windows\seventeen.exe
2017-01-01 15:47 - 2017-01-01 23:50 - 00009080 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx
2016-12-31 15:21 - 2016-12-31 15:21 - 00001181 ____N C:\Users\Public\Desktop\TeamPostgreSQL Web Client.lnk
2016-12-31 15:21 - 2016-12-31 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamPostgreSQL
2016-12-31 15:12 - 2016-12-31 15:21 - 00000000 ____D C:\Program Files (x86)\TeamPostgreSQL
2016-12-30 21:40 - 2010-09-11 10:51 - 00439808 _____ (Atheros) C:\Windows\system32\athihvs.dll
2016-12-30 21:34 - 2016-12-30 21:34 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-12-30 21:25 - 2016-12-30 21:25 - 04057776 _____ (Oleg N. Scherbakov) C:\Users\venkat\Downloads\HPSupportSolutionsFramework-12.5.32.203.exe
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\Documents\SafeNet Sentinel
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\.spss
2016-12-30 20:32 - 2016-12-30 20:32 - 00000000 ____D C:\Users\venkat\AppData\Roaming\HP TCS
2016-12-30 20:13 - 2016-12-30 20:13 - 00000000 ____D C:\Users\venkat\AppData\Roaming\CyberLink
2016-12-30 20:12 - 2016-12-30 20:12 - 00000000 ____D C:\Users\Public\CyberLink
2016-12-30 20:09 - 2016-12-30 20:12 - 00000000 ____D C:\Users\venkat\Documents\Youcam
2016-12-30 15:13 - 2016-12-31 13:26 - 00000000 ____D C:\Users\venkat\Desktop\Postgres
2016-12-30 12:45 - 2016-12-30 21:37 - 00000000 ____D C:\Users\venkat\AppData\Roaming\pgAdmin
2016-12-29 23:28 - 2016-12-29 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.6
2016-12-29 23:21 - 2016-12-29 23:21 - 00000000 ____D C:\Program Files\PostgreSQL
2016-12-28 17:54 - 2016-12-28 17:54 - 00014785 _____ C:\Users\venkat\Desktop\xe~1.sql
2016-12-28 17:54 - 2016-12-28 17:54 - 00001479 _____ C:\Users\venkat\xe.sql
2016-12-25 18:08 - 2017-01-10 11:13 - 00010932 _____ C:\Users\venkat\Desktop\Important Days & bills.xlsx
2016-12-21 13:34 - 2016-12-21 13:35 - 04700160 _____ C:\Users\venkat\Downloads\remote area.xls
2016-12-20 17:33 - 2016-12-20 19:28 - 00000000 ____D C:\Users\venkat\Desktop\New Technologies
2016-12-17 15:21 - 2016-12-17 16:02 - 00000000 ____D C:\Users\venkat\AppData\Roaming\SQL Developer
2016-12-17 15:21 - 2016-12-17 15:21 - 00001612 ____N C:\Users\venkat\Desktop\sqldeveloper.exe - Shortcut.lnk
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\Users\venkat\AppData\Roaming\sqldeveloper
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\ProgramData\Oracle
2016-12-17 15:19 - 2016-12-17 15:19 - 00000000 ____D C:\Users\venkat\Desktop\sqldeveloper-4.2.0.16.260.1303-x64
2016-12-17 14:59 - 2016-12-17 14:59 - 00000000 ____D C:\Users\venkat\Oracle
2016-12-17 14:58 - 2016-12-17 14:58 - 00000000 ____D C:\oraclexe
2016-12-17 14:33 - 2016-12-17 14:33 - 00003102 _____ C:\Windows\System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901}
2016-12-17 14:26 - 2016-12-17 14:26 - 00000624 _____ C:\Users\venkat\Desktop\tnsnames.ora
2016-12-17 14:10 - 2017-01-07 22:21 - 00000000 ____D C:\Program Files (x86)\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\Program Files (x86)\Raize
2016-12-17 14:10 - 2005-01-08 03:00 - 00024064 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\CS30Inspectors70.bpl
2016-12-17 13:55 - 2016-12-17 13:55 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Dell
2016-12-17 13:49 - 2016-12-17 13:49 - 00046441 _____ C:\Users\venkat\Downloads\dataDec-17-2016 (1).sql
2016-12-17 13:47 - 2016-12-17 16:01 - 00043163 _____ C:\Users\venkat\Downloads\dataDec-17-2016.sql
2016-12-16 21:01 - 2016-12-28 17:02 - 00000000 ____D C:\Users\venkat\Desktop\Freelancers

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 22:51 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-13 22:51 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-13 22:48 - 2016-07-23 04:40 - 00000000 ____D C:\ProgramData\VMware
2017-01-13 22:48 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-13 22:48 - 2009-07-13 23:51 - 00205764 _____ C:\Windows\setupact.log
2017-01-13 22:48 - 2009-07-13 23:45 - 00427488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-13 22:39 - 2009-09-30 08:38 - 01664009 _____ C:\Windows\WindowsUpdate.log
2017-01-13 22:11 - 2016-05-20 07:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-13 22:00 - 2010-12-22 22:28 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job
2017-01-13 21:58 - 2009-08-21 12:25 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-01-13 21:57 - 2009-08-21 12:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2017-01-13 21:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2017-01-13 21:52 - 2016-05-20 07:25 - 00117144 _____ C:\Users\venkat\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-13 21:52 - 2009-08-21 14:55 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-01-13 20:15 - 2009-08-21 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-13 19:53 - 2009-09-30 09:27 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-13 19:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-01-13 19:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-13 19:25 - 2010-01-13 18:10 - 00517300 _____ C:\Windows\PFRO.log
2017-01-13 17:02 - 2016-05-28 03:01 - 00000000 ____D C:\Users\venkat\AppData\Local\Google
2017-01-13 16:59 - 2010-02-15 13:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-13 16:59 - 2010-02-15 13:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-13 16:44 - 2010-01-13 17:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-13 16:24 - 2011-06-27 18:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-13 16:20 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-13 16:20 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-01-13 16:08 - 2009-08-21 14:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-13 16:04 - 2011-01-08 18:46 - 00000000 ____D C:\ProgramData\HP
2017-01-13 15:57 - 2009-08-21 14:06 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-13 15:46 - 2009-08-21 12:55 - 00000000 ____D C:\Program Files (x86)\HP Games
2017-01-13 15:44 - 2009-08-21 12:55 - 00000000 ____D C:\ProgramData\WildTangent
2017-01-13 15:01 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-01-13 01:00 - 2010-12-22 22:28 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job
2017-01-12 21:37 - 2010-01-13 17:08 - 00000000 ____D C:\Users\Apoorva
2017-01-12 16:54 - 2016-07-16 10:26 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Skype
2017-01-12 10:12 - 2016-08-01 04:54 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Notepad++
2017-01-10 21:48 - 2016-10-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-10 21:19 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2017-01-10 21:13 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2017-01-10 21:11 - 2016-05-20 07:54 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 21:11 - 2016-05-20 07:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 21:11 - 2011-10-12 09:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 21:11 - 2011-10-12 09:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 21:11 - 2009-08-21 12:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 20:36 - 2016-10-28 22:09 - 00000000 ____D C:\Program Files\McAfee
2017-01-10 18:19 - 2016-09-21 19:18 - 00000000 ____D C:\Users\venkat\Desktop\EAD
2017-01-10 13:25 - 2010-01-13 17:30 - 00002054 _____ C:\Users\Public\Desktop\Accessories.lnk
2017-01-09 20:14 - 2016-07-24 08:59 - 00000000 ____D C:\ProgramData\LightScribe
2017-01-09 17:23 - 2016-07-17 09:06 - 00000235 _____ C:\Users\venkat\Desktop\bags with tsa locks.txt
2017-01-08 21:05 - 2010-04-21 18:27 - 00000000 ____D C:\ProgramData\Recovery
2017-01-08 21:00 - 2010-01-13 17:15 - 00118592 _____ C:\Users\Apoorva\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-08 20:55 - 2010-12-22 22:29 - 00002285 _____ C:\Users\Apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 20:55 - 2010-12-22 22:29 - 00002255 _____ C:\Users\Apoorva\Desktop\Google Chrome.lnk
2017-01-08 13:51 - 2016-07-24 10:36 - 00000000 ____D C:\Users\venkat\AppData\Local\Downloaded Installations
2017-01-08 13:10 - 2010-09-12 17:57 - 00000000 ____D C:\Users\Apoorva\Documents\My Received Files
2017-01-07 23:23 - 2016-07-23 04:53 - 00000000 ____D C:\Users\venkat\AppData\Roaming\VMware
2017-01-07 13:49 - 2016-07-24 11:52 - 00000000 ____D C:\ProgramData\Nero
2017-01-07 13:41 - 2016-07-24 11:54 - 00000188 _____ C:\Windows\SysWOW64\MsiExec.exe.log
2017-01-07 11:04 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat\AppData\Local\VirtualStore
2017-01-06 20:40 - 2011-09-30 10:21 - 00000000 ____D C:\Windows\Minidump
2017-01-05 22:13 - 2016-07-16 03:03 - 00000000 ____D C:\Users\venkat\Desktop\Movies
2017-01-05 18:28 - 2016-10-28 22:14 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-05 18:27 - 2016-10-28 22:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-01-05 18:21 - 2016-10-28 22:08 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-05 17:09 - 2009-07-14 00:13 - 00786806 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-05 17:04 - 2016-10-28 21:47 - 00000000 ____D C:\Users\venkat\AppData\Local\LogMeIn Rescue Applet
2017-01-05 12:42 - 2016-05-28 03:09 - 00002327 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-01-05 12:42 - 2016-05-20 07:24 - 00002157 ____R C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2017-01-05 12:41 - 2016-05-28 03:09 - 00002315 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-12-31 15:26 - 2016-07-26 07:01 - 00000000 ____D C:\Users\venkat\AppData\Roaming\BITS
2016-12-31 10:13 - 2010-01-31 21:52 - 00000000 ____D C:\Program Files\Google
2016-12-30 23:25 - 2011-06-27 18:48 - 00000000 ____D C:\ProgramData\Skype
2016-12-30 23:25 - 2010-01-13 17:57 - 00000000 ____D C:\ProgramData\Google
2016-12-30 21:40 - 2011-04-16 17:15 - 00000000 ____D C:\Windows\system32\nn-NO
2016-12-30 21:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2016-12-30 21:29 - 2016-05-20 07:26 - 00000000 ____D C:\Users\venkat\AppData\Local\Hewlett-Packard
2016-12-30 21:05 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat
2016-12-30 20:48 - 2011-04-22 22:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-30 20:17 - 2011-02-26 22:03 - 00000000 ____D C:\ProgramData\UAB
2016-12-30 20:10 - 2009-08-21 13:48 - 00000000 ____D C:\ProgramData\CyberLink
2016-12-29 23:19 - 2016-07-24 10:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 16:10 - 2016-09-15 21:04 - 00000087 _____ C:\Users\venkat\AppData\default.pls
2016-12-17 14:37 - 2010-01-13 17:10 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2017-01-13 00:00 - 2017-01-13 00:00 - 0000000 _____ () C:\Users\venkat\AppData\Local\AtStart.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 0000000 _____ () C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 0000000 _____ () C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-13 11:00 - 2017-01-13 11:00 - 0007616 _____ () C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2017-01-13 00:00 - 2017-01-13 22:49 - 0000290 _____ () C:\ProgramData\hpqp.ini
2017-01-12 23:08 - 2017-01-13 22:53 - 0000731 _____ () C:\ProgramData\HPWALog.txt
2017-01-13 15:57 - 2017-01-13 16:10 - 0005767 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\venkat\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-07-08 21:25

==================== End of FRST.txt ============================
 
OK, I ran it again and got the 2nd log now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by venkat (administrator) on APOORVA-PC (14-01-2017 11:44:45)
Running from C:\Users\venkat\Desktop\New folder
Loaded Profiles: venkat (Available Profiles: Apoorva & venkat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
() C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.6\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
() C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
(Lexmark International Inc.) C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [lxcymon.exe] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe [291496 2009-05-01] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe [82600 2009-05-01] (Lexmark International Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2122AD89-0CB0-42C3-A5A6-4543E492E6B1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-24] (HP)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\venkat\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22] (Trend Media Group)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-24] (HP)
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\venkat\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011-02-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} [2011-12-27]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-11-29]

Chrome:
=======
CHR Profile: C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-13]
CHR Extension: (Google Docs) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-13]
CHR Extension: (Google Drive) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-13]
CHR Extension: (YouTube) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-13]
CHR Extension: (Ebates Cash Back) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-01-13]
CHR Extension: (Google Sheets) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-13]
CHR Extension: (AdBlock) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-13]
CHR Extension: (Gmail) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\venkat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-25] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 postgresql-x64-9.6; C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe [94720 2016-10-25] (PostgreSQL Global Development Group) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 TeamPostgreSQL Service; C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe [197120 2016-10-06] () [File not signed]
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2008-10-02] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-01-11] ()
R3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [18432 2009-04-29] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-10] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-14] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-14] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-14] (Malwarebytes)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 22:15 - 2017-01-14 14:27 - 00000000 ____D C:\Users\venkat\Desktop\ProcessExplorer
2017-01-13 21:51 - 2017-01-13 21:51 - 01932769 _____ C:\Users\venkat\Downloads\ProcessExplorer.zip
2017-01-13 19:07 - 2017-01-13 19:07 - 00003376 _____ C:\Users\venkat\Desktop\rk_5A32.tmp.txt
2017-01-13 16:44 - 2017-01-13 16:44 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-13 16:44 - 2017-01-13 16:44 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-13 16:38 - 2017-01-13 16:41 - 00000000 ____D C:\Users\venkat\AppData\Local\Deployment
2017-01-13 16:38 - 2017-01-13 16:38 - 00000000 ____D C:\Users\venkat\AppData\Local\Apps\2.0
2017-01-13 15:57 - 2017-01-13 16:10 - 00005767 _____ C:\ProgramData\hpzinstall.log
2017-01-13 15:37 - 2017-01-13 15:37 - 00001413 _____ C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-13 14:59 - 2017-01-13 14:59 - 00003560 ____N C:\bootsqm.dat
2017-01-13 11:03 - 2017-01-13 11:03 - 00110511 _____ C:\Users\venkat\Desktop\bookmarks_1_13_17.html
2017-01-13 11:00 - 2017-01-13 11:00 - 00007616 _____ C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2017-01-13 00:34 - 2017-01-13 00:34 - 00000000 ____D C:\ProgramData\Sophos
2017-01-13 00:33 - 2017-01-13 00:33 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-13 00:33 - 2017-01-13 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-13 00:32 - 2017-01-13 00:32 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-13 00:12 - 2017-01-13 00:12 - 00002969 _____ C:\Users\venkat\Downloads\FSS.txt
2017-01-13 00:00 - 2017-01-14 11:43 - 00000290 _____ C:\ProgramData\hpqp.ini
2017-01-13 00:00 - 2017-01-13 00:00 - 00000000 _____ C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 00000000 _____ C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 00000000 _____ C:\Users\venkat\AppData\Local\AtStart.txt
2017-01-12 23:30 - 2017-01-12 23:31 - 160346656 _____ (Sophos Limited) C:\Users\venkat\Downloads\Sophos Virus Removal Tool.exe
2017-01-12 23:29 - 2017-01-12 23:29 - 00899584 _____ (Farbar) C:\Users\venkat\Downloads\FSS.exe
2017-01-12 23:29 - 2017-01-12 23:29 - 00448512 _____ (OldTimer Tools) C:\Users\venkat\Downloads\TFC.exe
2017-01-12 22:23 - 2017-01-12 22:23 - 00852798 _____ C:\Users\venkat\Downloads\SecurityCheck.exe
2017-01-12 09:34 - 2017-01-14 11:44 - 00000000 ____D C:\Users\venkat\Desktop\New folder
2017-01-11 13:13 - 2017-01-11 13:13 - 00000178 _____ C:\lxcy.log
2017-01-11 11:41 - 2017-01-11 11:41 - 00013825 _____ C:\Users\venkat\Desktop\iexplore - Shortcut.lnk
2017-01-10 21:19 - 2017-01-10 21:19 - 00025133 _____ C:\ComboFix.txt
2017-01-10 20:42 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-10 20:42 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-10 20:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-10 20:41 - 2017-01-10 21:19 - 00000000 ____D C:\Qoobox
2017-01-10 20:41 - 2017-01-10 21:16 - 00000000 ____D C:\Windows\erdnt
2017-01-10 20:33 - 2017-01-10 20:34 - 05659315 ____R (Swearware) C:\Users\venkat\Desktop\ComboFix.exe
2017-01-10 15:57 - 2017-01-10 15:58 - 00425069 _____ C:\Users\venkat\Downloads\EAd.zip
2017-01-10 15:47 - 2017-01-10 15:48 - 01663040 _____ (Malwarebytes) C:\Users\venkat\Downloads\JRT.exe
2017-01-10 14:43 - 2017-01-10 15:07 - 00000000 ____D C:\AdwCleaner
2017-01-10 14:42 - 2017-01-10 14:43 - 03988944 _____ C:\Users\venkat\Downloads\AdwCleaner.exe
2017-01-10 13:34 - 2017-01-10 13:34 - 00042552 _____ C:\Users\venkat\Desktop\Malwarebytes fix.txt
2017-01-10 13:07 - 2017-01-14 11:31 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-10 13:07 - 2017-01-14 11:30 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-10 13:07 - 2017-01-14 11:30 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-10 13:07 - 2017-01-14 11:30 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-10 13:07 - 2017-01-10 13:07 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-10 13:06 - 2017-01-12 09:42 - 00000000 ____D C:\Users\venkat\AppData\Local\CrashDumps
2017-01-10 13:06 - 2017-01-11 17:44 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-10 13:06 - 2017-01-10 13:45 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 13:06 - 2017-01-10 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 05:18 - 2017-01-10 05:19 - 54199488 _____ (Malwarebytes ) C:\Users\venkat\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-09 20:39 - 2017-01-13 17:03 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-09 20:33 - 2017-01-14 14:27 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-09 20:28 - 2017-01-09 20:30 - 34710200 _____ (Adlice Software ) C:\Users\venkat\Downloads\RogueKiller setup.exe
2017-01-09 12:42 - 2017-01-09 13:24 - 00054237 _____ C:\Users\venkat\Downloads\Addition.txt
2017-01-09 11:16 - 2017-01-09 13:24 - 00057684 _____ C:\Users\venkat\Downloads\FRST.txt
2017-01-08 23:06 - 2017-01-08 23:06 - 00006628 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx.txt
2017-01-08 22:38 - 2017-01-08 22:42 - 00054677 _____ C:\Users\venkat\Downloads\Addition_bkp.txt
2017-01-08 22:32 - 2017-01-08 22:39 - 00003313 _____ C:\Users\venkat\Desktop\My Portfolio.csv
2017-01-08 22:29 - 2017-01-08 22:42 - 00059147 _____ C:\Users\venkat\Downloads\FRST_bkp.txt
2017-01-08 22:23 - 2017-01-14 11:44 - 00000000 ____D C:\FRST
2017-01-08 21:39 - 2017-01-08 21:40 - 02193920 _____ (Farbar) C:\Users\venkat\Downloads\FRST64.exe
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-07 13:27 - 2017-01-07 13:27 - 00003156 _____ C:\Windows\System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111}
2017-01-06 16:25 - 2017-01-06 16:25 - 00001945 _____ C:\Windows\epplauncher.mif
2017-01-06 16:24 - 2017-01-06 16:24 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-01-06 16:23 - 2017-01-06 16:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-01-06 16:23 - 2017-01-06 16:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-01-05 17:38 - 2017-01-10 20:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-05 17:00 - 2017-01-05 18:18 - 00000034 _____ C:\Users\venkat\Desktop\MCafee SR#.txt
2017-01-05 12:46 - 2017-01-05 12:46 - 00003642 _____ C:\Windows\System32\Tasks\bak3033876k3033876
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\wells
2017-01-05 12:44 - 2017-01-05 12:44 - 00000000 ____D C:\Users\venkat\AppData\Local\CEF
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ C:\Windows\seventeen.exe
2017-01-01 15:47 - 2017-01-01 23:50 - 00009080 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx
2016-12-31 15:21 - 2016-12-31 15:21 - 00001181 ____N C:\Users\Public\Desktop\TeamPostgreSQL Web Client.lnk
2016-12-31 15:21 - 2016-12-31 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamPostgreSQL
2016-12-31 15:12 - 2016-12-31 15:21 - 00000000 ____D C:\Program Files (x86)\TeamPostgreSQL
2016-12-30 21:40 - 2010-09-11 10:51 - 00439808 _____ (Atheros) C:\Windows\system32\athihvs.dll
2016-12-30 21:34 - 2016-12-30 21:34 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-12-30 21:25 - 2016-12-30 21:25 - 04057776 _____ (Oleg N. Scherbakov) C:\Users\venkat\Downloads\HPSupportSolutionsFramework-12.5.32.203.exe
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\Documents\SafeNet Sentinel
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\.spss
2016-12-30 20:32 - 2016-12-30 20:32 - 00000000 ____D C:\Users\venkat\AppData\Roaming\HP TCS
2016-12-30 20:13 - 2016-12-30 20:13 - 00000000 ____D C:\Users\venkat\AppData\Roaming\CyberLink
2016-12-30 20:12 - 2016-12-30 20:12 - 00000000 ____D C:\Users\Public\CyberLink
2016-12-30 20:09 - 2016-12-30 20:12 - 00000000 ____D C:\Users\venkat\Documents\Youcam
2016-12-30 15:13 - 2016-12-31 13:26 - 00000000 ____D C:\Users\venkat\Desktop\Postgres
2016-12-30 12:45 - 2016-12-30 21:37 - 00000000 ____D C:\Users\venkat\AppData\Roaming\pgAdmin
2016-12-29 23:28 - 2016-12-29 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.6
2016-12-29 23:21 - 2016-12-29 23:21 - 00000000 ____D C:\Program Files\PostgreSQL
2016-12-28 17:54 - 2016-12-28 17:54 - 00014785 _____ C:\Users\venkat\Desktop\xe~1.sql
2016-12-28 17:54 - 2016-12-28 17:54 - 00001479 _____ C:\Users\venkat\xe.sql
2016-12-25 18:08 - 2017-01-10 11:13 - 00010932 _____ C:\Users\venkat\Desktop\Important Days & bills.xlsx
2016-12-21 13:34 - 2016-12-21 13:35 - 04700160 _____ C:\Users\venkat\Downloads\remote area.xls
2016-12-20 17:33 - 2016-12-20 19:28 - 00000000 ____D C:\Users\venkat\Desktop\New Technologies
2016-12-17 15:21 - 2016-12-17 16:02 - 00000000 ____D C:\Users\venkat\AppData\Roaming\SQL Developer
2016-12-17 15:21 - 2016-12-17 15:21 - 00001612 ____N C:\Users\venkat\Desktop\sqldeveloper.exe - Shortcut.lnk
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\Users\venkat\AppData\Roaming\sqldeveloper
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\ProgramData\Oracle
2016-12-17 15:19 - 2016-12-17 15:19 - 00000000 ____D C:\Users\venkat\Desktop\sqldeveloper-4.2.0.16.260.1303-x64
2016-12-17 14:59 - 2016-12-17 14:59 - 00000000 ____D C:\Users\venkat\Oracle
2016-12-17 14:58 - 2016-12-17 14:58 - 00000000 ____D C:\oraclexe
2016-12-17 14:33 - 2016-12-17 14:33 - 00003102 _____ C:\Windows\System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901}
2016-12-17 14:26 - 2016-12-17 14:26 - 00000624 _____ C:\Users\venkat\Desktop\tnsnames.ora
2016-12-17 14:10 - 2017-01-07 22:21 - 00000000 ____D C:\Program Files (x86)\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\Program Files (x86)\Raize
2016-12-17 14:10 - 2005-01-08 03:00 - 00024064 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\CS30Inspectors70.bpl
2016-12-17 13:55 - 2016-12-17 13:55 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Dell
2016-12-17 13:49 - 2016-12-17 13:49 - 00046441 _____ C:\Users\venkat\Downloads\dataDec-17-2016 (1).sql
2016-12-17 13:47 - 2016-12-17 16:01 - 00043163 _____ C:\Users\venkat\Downloads\dataDec-17-2016.sql
2016-12-16 21:01 - 2016-12-28 17:02 - 00000000 ____D C:\Users\venkat\Desktop\Freelancers

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 14:27 - 2016-06-06 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-01-14 14:27 - 2010-01-13 17:08 - 00000000 ____D C:\Users\Apoorva
2017-01-14 14:27 - 2009-08-21 14:55 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-01-14 14:27 - 2009-08-21 12:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2017-01-14 14:27 - 2009-08-21 12:25 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-01-14 14:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-01-14 14:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2017-01-14 11:47 - 2009-09-30 08:38 - 01660325 _____ C:\Windows\WindowsUpdate.log
2017-01-14 11:39 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-14 11:39 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-14 11:30 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat
2017-01-14 11:29 - 2016-07-23 04:40 - 00000000 ____D C:\ProgramData\VMware
2017-01-14 11:29 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-14 11:29 - 2009-07-13 23:51 - 00205764 _____ C:\Windows\setupact.log
2017-01-14 11:29 - 2009-07-13 23:45 - 00427488 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-13 21:52 - 2016-05-20 07:25 - 00117144 _____ C:\Users\venkat\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-13 21:11 - 2016-05-20 07:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-13 21:00 - 2010-12-22 22:28 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job
2017-01-13 20:15 - 2009-08-21 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-13 19:53 - 2009-09-30 09:27 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-13 19:53 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-01-13 19:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-13 19:25 - 2010-01-13 18:10 - 00517300 _____ C:\Windows\PFRO.log
2017-01-13 17:02 - 2016-05-28 03:01 - 00000000 ____D C:\Users\venkat\AppData\Local\Google
2017-01-13 16:59 - 2010-02-15 13:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-13 16:59 - 2010-02-15 13:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-13 16:44 - 2010-01-13 17:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-13 16:24 - 2011-06-27 18:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-13 16:20 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-13 16:20 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-01-13 16:08 - 2009-08-21 14:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-13 16:04 - 2011-01-08 18:46 - 00000000 ____D C:\ProgramData\HP
2017-01-13 15:57 - 2009-08-21 14:06 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-13 15:46 - 2009-08-21 12:55 - 00000000 ____D C:\Program Files (x86)\HP Games
2017-01-13 15:44 - 2009-08-21 12:55 - 00000000 ____D C:\ProgramData\WildTangent
2017-01-13 15:01 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-01-13 01:00 - 2010-12-22 22:28 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job
2017-01-12 16:54 - 2016-07-16 10:26 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Skype
2017-01-12 10:12 - 2016-08-01 04:54 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Notepad++
2017-01-10 21:48 - 2016-10-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-10 21:19 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2017-01-10 21:13 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2017-01-10 21:11 - 2016-05-20 07:54 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 21:11 - 2016-05-20 07:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 21:11 - 2011-10-12 09:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 21:11 - 2011-10-12 09:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 21:11 - 2009-08-21 12:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 20:36 - 2016-10-28 22:09 - 00000000 ____D C:\Program Files\McAfee
2017-01-10 18:19 - 2016-09-21 19:18 - 00000000 ____D C:\Users\venkat\Desktop\EAD
2017-01-10 13:25 - 2010-01-13 17:30 - 00002054 _____ C:\Users\Public\Desktop\Accessories.lnk
2017-01-09 20:14 - 2016-07-24 08:59 - 00000000 ____D C:\ProgramData\LightScribe
2017-01-09 17:23 - 2016-07-17 09:06 - 00000235 _____ C:\Users\venkat\Desktop\bags with tsa locks.txt
2017-01-08 21:05 - 2010-04-21 18:27 - 00000000 ____D C:\ProgramData\Recovery
2017-01-08 21:00 - 2010-01-13 17:15 - 00118592 _____ C:\Users\Apoorva\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-08 20:55 - 2010-12-22 22:29 - 00002285 _____ C:\Users\Apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 20:55 - 2010-12-22 22:29 - 00002255 _____ C:\Users\Apoorva\Desktop\Google Chrome.lnk
2017-01-08 13:51 - 2016-07-24 10:36 - 00000000 ____D C:\Users\venkat\AppData\Local\Downloaded Installations
2017-01-08 13:10 - 2010-09-12 17:57 - 00000000 ____D C:\Users\Apoorva\Documents\My Received Files
2017-01-07 23:23 - 2016-07-23 04:53 - 00000000 ____D C:\Users\venkat\AppData\Roaming\VMware
2017-01-07 13:49 - 2016-07-24 11:52 - 00000000 ____D C:\ProgramData\Nero
2017-01-07 13:41 - 2016-07-24 11:54 - 00000188 _____ C:\Windows\SysWOW64\MsiExec.exe.log
2017-01-07 11:04 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat\AppData\Local\VirtualStore
2017-01-06 20:40 - 2011-09-30 10:21 - 00000000 ____D C:\Windows\Minidump
2017-01-05 22:13 - 2016-07-16 03:03 - 00000000 ____D C:\Users\venkat\Desktop\Movies
2017-01-05 18:28 - 2016-10-28 22:14 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-05 18:27 - 2016-10-28 22:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-01-05 18:21 - 2016-10-28 22:08 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-05 17:09 - 2009-07-14 00:13 - 00786806 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-05 17:04 - 2016-10-28 21:47 - 00000000 ____D C:\Users\venkat\AppData\Local\LogMeIn Rescue Applet
2017-01-05 12:42 - 2016-05-28 03:09 - 00002327 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-01-05 12:42 - 2016-05-20 07:24 - 00002157 ____R C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2017-01-05 12:41 - 2016-05-28 03:09 - 00002315 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-12-31 15:26 - 2016-07-26 07:01 - 00000000 ____D C:\Users\venkat\AppData\Roaming\BITS
2016-12-31 10:13 - 2010-01-31 21:52 - 00000000 ____D C:\Program Files\Google
2016-12-30 23:25 - 2011-06-27 18:48 - 00000000 ____D C:\ProgramData\Skype
2016-12-30 23:25 - 2010-01-13 17:57 - 00000000 ____D C:\ProgramData\Google
2016-12-30 21:40 - 2011-04-16 17:15 - 00000000 ____D C:\Windows\system32\nn-NO
2016-12-30 21:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2016-12-30 21:29 - 2016-05-20 07:26 - 00000000 ____D C:\Users\venkat\AppData\Local\Hewlett-Packard
2016-12-30 20:48 - 2011-04-22 22:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-30 20:17 - 2011-02-26 22:03 - 00000000 ____D C:\ProgramData\UAB
2016-12-30 20:10 - 2009-08-21 13:48 - 00000000 ____D C:\ProgramData\CyberLink
2016-12-29 23:19 - 2016-07-24 10:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 16:10 - 2016-09-15 21:04 - 00000087 _____ C:\Users\venkat\AppData\default.pls
2016-12-17 14:37 - 2010-01-13 17:10 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2017-01-13 00:00 - 2017-01-13 00:00 - 0000000 _____ () C:\Users\venkat\AppData\Local\AtStart.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 0000000 _____ () C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 0000000 _____ () C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-13 11:00 - 2017-01-13 11:00 - 0007616 _____ () C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2017-01-13 00:00 - 2017-01-14 11:43 - 0000290 _____ () C:\ProgramData\hpqp.ini
2017-01-12 23:08 - 2017-01-14 11:50 - 0001099 _____ () C:\ProgramData\HPWALog.txt
2017-01-13 15:57 - 2017-01-13 16:10 - 0005767 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\venkat\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-07-08 21:25

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by venkat (2017-01-14 11:52:00)
Running from C:\Users\venkat\Desktop\New folder
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-13 22:08:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3623452270-2088294941-995359613-500 - Administrator - Disabled)
Apoorva (S-1-5-21-3623452270-2088294941-995359613-1001 - Administrator - Enabled) => C:\Users\Apoorva
Guest (S-1-5-21-3623452270-2088294941-995359613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3623452270-2088294941-995359613-1002 - Limited - Enabled)
venkat (S-1-5-21-3623452270-2088294941-995359613-1003 - Administrator - Enabled) => C:\Users\venkat
__vmware_user__ (S-1-5-21-3623452270-2088294941-995359613-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
FlashGet 3.3 (HKLM-x32\...\FlashGet 3.3) (Version: 3.3.0.1092 - http://www.FlashGet.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
PostgreSQL 9.6 (HKLM\...\PostgreSQL 9.6) (Version: 9.6 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.2.0 - Adlice Software)
RPS CRT (x32 Version: 9.0.40 - Bell) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TeamPostgreSQL 1.07 (HKLM-x32\...\0115-9748-2388-7305) (Version: 1.07 - Webworks SA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
VMware Workstation (HKLM-x32\...\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}) (Version: 6.5.1.5078 - VMware, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-01-2017 15:57:07 JRT Pre-Junkware Removal
13-01-2017 00:29:15 Installed Sophos Virus Removal Tool.
13-01-2017 15:47:12 Removed VEX Programming Driver 64-bit.
13-01-2017 15:48:21 Removed PASW Statistics 18.
13-01-2017 16:18:11 Windows Modules Installer
13-01-2017 16:22:54 Removed Skype Click to Call
13-01-2017 16:31:38 Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
13-01-2017 16:53:27 Windows Modules Installer
13-01-2017 19:43:54 Windows Modules Installer
13-01-2017 20:14:18 Removed HP Setup
13-01-2017 21:47:29 Removed HP Support Assistant.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-01-05 16:17 - 2017-01-10 21:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C79267-0EC4-4985-882D-E7E935DB911B} - System32\Tasks\{F2F30F23-07ED-45A3-849C-B55476ECCFAF} => C:\Program Files (x86)\FirstClass\fcc32.exe
Task: {0DA331D6-B162-44AD-AF48-300BB808C607} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {0E1DB523-5AB8-4747-85EA-BEEB91AA4867} - System32\Tasks\{E7958005-452C-41D7-9DF8-14E78BEBCCB6} => Chrome.exe http://ui.skype.com/ui/0/5.3.0.116....google-chrome:notoffered;ienotdefaultbrowser2
Task: {13F33A43-6318-47FD-A3C7-16E5BE070570} - System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901} => pcalua.exe -a F:\venkat\DATA\OracleXEClient.exe -d F:\venkat\DATA
Task: {1AA42887-21B2-4795-BF03-B9A3BD780FAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-07] (HP Inc.)
Task: {21D3B24C-5B7C-460F-B519-25DA61FEF396} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-08] (Hewlett-Packard)
Task: {3AB3CA47-0F53-487F-9244-90E5D4042065} - System32\Tasks\{EA460A63-A1D1-4BFF-AD39-98B87763B670} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
Task: {400A1DFE-1699-46DC-AD0E-AB676CE8C7D3} - System32\Tasks\{FAF9B758-61CE-4ECD-BF20-E49B8D2241F6} => pcalua.exe -a C:\Users\Apoorva\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\Apoorva\Downloads
Task: {44F1EFCC-87C7-49C2-9925-A83DEDFE0621} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {4ACE4019-02FA-4113-AAC4-5A1139E418F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {4B95C303-C0C1-4521-936B-3EB156890FAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {4D45399D-586E-42BF-BCD2-573CAB8B6119} - System32\Tasks\{6823A56D-DDC6-4B70-B152-0D965D06C1A3} => F:\adobe-master-cs4-keygen.exe
Task: {5309CFE5-ED98-40BB-B579-0914BAE25204} - System32\Tasks\{A86CC31E-76A7-4341-89DD-75CE59D7457D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -c -runfromtemp -l0x0009 -uninst -removeonly
Task: {53DF5D7F-66C9-4DE1-AE88-D45C11632981} - System32\Tasks\{97AE6B8B-F48F-4D2B-8286-745C193C3C2C} => F:\adobe-master-cs4-keygen.exe
Task: {65A3F676-92BC-4873-9F12-6B183064BC8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {761F6C41-F669-4B38-AB34-C0E89AB3028A} - System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111} => pcalua.exe -a "C:\Program Files (x86)\Windows Live Safety Center\wlschost.exe" -c -Uninstall
Task: {7A746220-D1E7-4DE8-B7C1-2A98F0C76856} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {7B23C974-6F2B-4C8D-9E6B-2F4593FB6682} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {80BBF6EC-4102-4BBA-B843-3A55F21260AA} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {84F43933-098E-4187-BC12-ED32FB2D859B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-10-11] (McAfee, Inc.)
Task: {8AC9B359-2774-4C42-945D-96972DDDD3C2} - System32\Tasks\{A62FE67E-04F7-4FA7-ADAE-6AAE7C264E12} => F:\adobe-master-cs4-keygen.exe
Task: {9315B6A8-3E47-463E-9AEF-7CA62B1EEDC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {9EDD2BC9-8717-49B6-B428-D48F0E9B6DD9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {A100F944-0708-46F3-B701-70A612F256F7} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {A8C5C8E1-A339-4625-9317-2950683F350F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {D2D44C00-FD62-4039-AE4B-FA5E4BF9C508} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-13] (Google Inc.)
Task: {D92E1664-B5CB-4742-B020-DA5C814F91B3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {DB481021-DDF9-4603-B123-946F004563B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-13] (Google Inc.)
Task: {DCDC0242-F5FE-48C2-8944-D77046A0C242} - System32\Tasks\{B6493AA2-6DCF-4DB4-8540-1313591AD2B7} => F:\adobe-master-cs4-keygen.exe
Task: {E3E4A235-E952-40C3-85FC-2789F325AAE5} - System32\Tasks\bak3033876k3033876 => C:\Program Files (x86)\leander\leander.exe
Task: {EF3D6DEF-1AE9-4A8B-8A71-6114B5E4CBF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {F5ED44E4-7C17-4D17-AC67-BD0DA4B35077} - System32\Tasks\{420B1986-45F9-4D13-9576-68D05B728CDD} => F:\adobe-master-cs4-keygen.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2016-12-29 23:23 - 2016-10-25 05:08 - 00182784 _____ () C:\Program Files\PostgreSQL\9.6\bin\LIBPQ.dll
2009-08-21 13:55 - 2009-01-21 13:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-12-31 15:19 - 2016-10-06 23:26 - 00197120 _____ () C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe
2016-12-29 23:28 - 2016-08-01 05:29 - 02264576 _____ () C:\Program Files\PostgreSQL\9.6\bin\libxml2.dll
2017-01-07 13:43 - 2017-01-11 17:44 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-10 13:06 - 2017-01-11 17:44 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-10 13:06 - 2017-01-11 17:44 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-23 04:23 - 2010-03-15 00:58 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-11-27 12:55 - 2016-11-27 12:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-03-28 19:40 - 2009-05-01 12:54 - 00291496 _____ () C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2008-10-28 12:38 - 2008-10-28 12:38 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2008-10-28 12:38 - 2008-10-28 12:38 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2011-03-28 19:40 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyscw.dll
2011-03-28 19:40 - 2006-05-25 15:20 - 00241664 _____ () C:\Program Files (x86) (x86)\Lexmark 3400 Series\iptk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\kuaiche.com -> hxxp://software.kuaiche.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEFE6630-389E-44DF-82F3-9485A7A6FD6A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{CD3BBA8F-D17B-418B-B56F-F8B2608FFAAB}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{3D774B82-31A0-4C83-881F-4A06ED7619BA}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{14C6C2AC-2EDB-4705-9A83-364F97376224}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{73288AF7-2806-4D81-A131-053D89D47F0C}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{47FC9419-5892-47CA-B917-915EA4362EA5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{9F022428-26EC-44CC-A40F-F6E7C0191156}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0C4814E0-119B-4F84-9444-7989C1985B37}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{F3DC371C-4528-494E-8DE9-5C35ED44EAD1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{46D10E6C-F4DC-4E78-9BCC-E9DAF8919A5F}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{F48B909D-B583-42E0-AF37-3197053845FA}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{7393CE50-32F0-48CC-A376-EC1B9F59E385}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{ADF450EF-2A82-4C17-AC44-006380307EC6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{01AD65CD-19EA-4FA8-A727-7F95AF4E8574}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DEE232A2-F0BE-4EB1-9E1C-0109C368E6EF}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{C5D0C97C-7162-477A-902E-C069810DF6C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{8662FEFB-4A27-4D64-A82D-73ABE4C1C88A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{6BF1A9AF-9E34-477A-8CF1-7B41546E1E47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17ED5779-2164-46E0-8E9F-01A66A91DCF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C4ED4A68-B3ED-4552-AC94-894659188A51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{BFCB4B69-A999-4840-8C2C-AE4A83A48F37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{FF52AFEB-0A7E-4049-8FA6-745427DC305F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EBB4F998-53A1-4361-AEAB-1CF260C6C585}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{68B26E8D-C2AF-40B9-8390-7F701DC8A6CA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{16C4A618-F814-4845-8A60-0B4ECD8E8A32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C7B04456-7990-43AA-B8F4-BB700129395B}] => (Allow) svchost.exe
FirewallRules: [{433D8BC5-FC16-444C-AF78-7A9630EC5976}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9D896ACF-4069-49CF-850B-E29E594015F9}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{954892B4-46AF-43D2-8FC4-F2A27ED3F2FE}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{C8BC2726-ACC8-4AB4-A3B9-00762493D0F6}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4FDCF821-2B16-45C3-9EA6-AE259B4E6764}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4E82F33F-C870-44BA-8642-4D75868180E8}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{C1828FFF-05CF-488B-A7CE-EA3E54888C6E}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{B6B4FE57-8DE8-473E-89BE-BA346E80B818}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{EAFC6447-CCF0-4ACB-A4DB-6128764B0CB5}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{4DDB8838-4FB0-4C42-B881-A0B0BA19E0FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{197BDDFC-5E69-4551-ACB7-10CF33684645}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{F7C17022-D05C-4358-B584-6EAFC61F0590}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [UDP Query User{370E9F8A-6264-4DB5-BB55-E45F3E8C9FC2}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [{E3D44FAE-A6D8-4378-AA27-F55F0DAF83C4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A6CA6B5-C57A-4F0D-8D20-474FF804A814}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{D378E215-5A71-4506-80FF-6FA1BBFF9645}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{8609C6CF-FC48-4942-9D81-AA44483D2804}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{EDA7D9FD-3485-41A7-BAC7-7308CDC798F6}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{7B6AE310-337D-4302-858F-EDFD2E2D8F24}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{2C0FE087-8539-4604-A7AD-492226CCA3A4}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{E4E5E4BE-AFB3-4BE3-B4DA-9F8A65AA78BB}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{CB34981A-B7C8-4CF5-B04D-DB2B898FCE79}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{94A7E039-4028-4F49-A11D-00E709D996C2}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{FF753986-7706-4B2C-A39C-9C96EB1FE880}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{8EA72A0D-BD79-4ED2-8BF5-4C2737B06E0E}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{729F16B0-117F-493A-B125-AE2D36AA2B2C}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{D5A1A7A3-074D-4010-8152-848D7772DA60}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{4B8026D1-DC47-4723-A2EB-5702476D268E}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{893F4CF6-6E71-4140-B976-65E37B87C634}] => (Allow) LPort=135
FirewallRules: [{4723771B-437C-4765-95FA-278C9E7E0455}] => (Allow) LPort=5000
FirewallRules: [{98FAB258-07BE-462B-BD2D-C99E621C7463}] => (Allow) LPort=5001
FirewallRules: [{337E4CE1-CD3D-414A-B956-5BCD0DDFA588}] => (Allow) LPort=5002
FirewallRules: [{D1B32D62-5643-44C2-8237-9ECEC69FA6F5}] => (Allow) LPort=5003
FirewallRules: [{AAB6F790-7E12-42B4-AA84-8B7D5DBBD127}] => (Allow) LPort=5004
FirewallRules: [{40505419-B36F-4ED9-99E1-333C30352BBE}] => (Allow) LPort=5005
FirewallRules: [{79F935B9-5F45-4749-B1E9-46B53833A916}] => (Allow) LPort=5006
FirewallRules: [{9B1C853D-5AF9-4398-8790-F33A30F41CC9}] => (Allow) LPort=5007
FirewallRules: [{7A7DD6BE-A3FD-466B-8AEF-B6EF42656EAA}] => (Allow) LPort=5008
FirewallRules: [{BF392420-ABB5-4021-A31B-11959EA4D6F4}] => (Allow) LPort=5009
FirewallRules: [{E4E85B71-49EE-4C9E-8386-FFA06766BB02}] => (Allow) LPort=5010
FirewallRules: [{79C52F32-7ABB-4A07-8B95-763A4AA511AD}] => (Allow) LPort=5011
FirewallRules: [{F746FA93-DB05-42A5-8AEC-F2ED445AB863}] => (Allow) LPort=5012
FirewallRules: [{98EC8327-FA6C-4DCC-AA5B-F2BBF58BCE12}] => (Allow) LPort=5013
FirewallRules: [{24D4CA68-6B12-417E-955A-8F05673BDD37}] => (Allow) LPort=5014
FirewallRules: [{E5D31E9E-DFFD-4A4B-A73B-E7D856740894}] => (Allow) LPort=5015
FirewallRules: [{39F739A5-8154-4D47-9F08-AF4D754ED623}] => (Allow) LPort=5016
FirewallRules: [{A4C08BDE-D1AA-48A8-A116-8662DD488E14}] => (Allow) LPort=5017
FirewallRules: [{D2A12F58-F605-4230-90FB-6856FDD8CA2C}] => (Allow) LPort=5018
FirewallRules: [{ACD18103-2A45-435F-BB0A-35DC7EB216BE}] => (Allow) LPort=5019
FirewallRules: [{D515A646-46D6-45B5-8D82-ABE09399B6A3}] => (Allow) LPort=5020
FirewallRules: [{90D50485-A642-4384-B7FA-98D91C227441}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{5790F44F-371D-45A6-89D7-52200AE8ED1F}] => (Allow) C:\Users\venkat\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{27E47AA8-1635-451E-9B12-6D3B39F0FB7C}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0E8E89E2-E554-4C77-8774-25C0619E5E1A}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8873BAFF-3CE1-4F6C-8D2F-D41F2A936F60}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A845098-E8BF-4FB5-879E-ABDC2EAA4C24}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{01222CD2-A8E5-47D6-8622-79FB6885A97B}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BE191360-1E8D-40FC-A910-673F07745296}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1267A1C0-8A4B-490B-8BF2-CDD32655589E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{8AF4AB71-B2CC-46DE-8C86-4D9D2A8BD1B3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{3A2BE009-AD59-49F2-8788-61AE5F20B5DC}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{3CE1E5FE-7010-4290-96EE-2B1B9E36D19F}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [TCP Query User{D5D0CA2B-67BE-46FB-9633-8327688037E0}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{00EDC32E-363B-4443-87C3-29495E6499D4}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{69ED8510-C0D7-4FE0-9B70-4C47219A27EB}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
FirewallRules: [UDP Query User{5223A622-1565-4093-89D5-AFD8738D2ED2}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
FirewallRules: [{726EF433-068A-4EAC-ACC0-AA87F9DDE4E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2017 04:14:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 04:14:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 04:14:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 10:36:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SVRTservice.exe, version: 2.5.6.0, time stamp: 0x57a08f4f
Faulting module name: control.dll, version: 2.5.6.0, time stamp: 0x57a08f38
Exception code: 0xc00000fd
Fault offset: 0x00111600
Faulting process id: 0x404
Faulting application start time: 0xSVRTservice.exe0
Faulting application path: SVRTservice.exe1
Faulting module path: SVRTservice.exe2
Report Id: SVRTservice.exe3

Error: (01/12/2017 09:42:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.865, time stamp: 0x584ee8a0
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a1dc
Exception code: 0xc0000005
Fault offset: 0x00192cf1
Faulting process id: 0x11b0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Apoorva-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Apoorva-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Apoorva-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\venkat\ntuser.dat

Error: (01/10/2017 01:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.865, time stamp: 0x584ee8a0
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a1dc
Exception code: 0xc0000005
Fault offset: 0x00192cf1
Faulting process id: 0xb60
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (01/14/2017 11:29:29 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 4) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/14/2017 11:14:08 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 4) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/13/2017 10:48:51 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 4) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/13/2017 07:57:37 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 4) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/13/2017 07:44:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/13/2017 07:38:53 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 4) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/13/2017 07:32:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/13/2017 07:32:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/13/2017 07:32:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/13/2017 07:32:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
Date: 2017-01-14 11:13:32.929
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 11:13:32.820
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-10 21:10:23.723
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-10 21:10:23.520
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-10 19:39:08.708
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:38.264
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:35.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:35.612
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 19:38:32.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 87%
Total physical RAM: 3999.19 MB
Available physical RAM: 493.61 MB
Total Virtual: 7996.56 MB
Available Virtual: 3005.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.41 GB) (Free:120.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.49 GB) (Free:2.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 098B9E73)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 