Solved Random Audio ads & unknown process in TM

Since this morning the keyboard & mouse stopped working all of a sudden. Now I just got my wireless mouse from the store. Not sure what's happening. Maybe I need to install the drivers once.
 
Keyboard and mouse drivers should install automatically.
Can you get me that PE log from safe mode?
 
I am unable to log in to my laptop as both keyboard and mouse are not working even in safe mode. But both work well when I enter system recovery from boot. So I am trying to restore my laptop to yesterday's image, which has a couple of unwanted HP software programs being uninstalled.

I am replying to you from my phone. Please give me some time to get back to you.
 
There is something wrong with my laptop. The restore was completed and I was able to log in. Just to generate the PE log I restarted in Safe Mode and am again facing the issue with the keyboard and mouse. Luckily my external mouse was working this time, so I am posting the logs, which include the fresh FRST, as I had restored to a previous point.

Would you be able to help with this issue too? The drivers in Device Manager are appearing with a yellow question mark. I tried downloading the drivers from the HP website too, but it was no use.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by venkat (administrator) on APOORVA-PC (14-01-2017 23:34:37)
Running from C:\Users\venkat\Desktop\New folder
Loaded Profiles: venkat (Available Profiles: Apoorva & venkat)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-08-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [lxcymon.exe] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe [291496 2009-05-01] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Lexmark 3400 Series\ezprint.exe [82600 2009-05-01] (Lexmark International Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2122AD89-0CB0-42C3-A5A6-4543E492E6B1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {C34A1A1D-7C23-4BF0-BA37-9DB4879394B3} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-24] (HP)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\venkat\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22] (Trend Media Group)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-24] (HP)
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-04-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\venkat\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011-02-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60} [2011-12-27]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-11-29]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-25] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
S2 postgresql-x64-9.6; C:\Program Files\PostgreSQL\9.6\bin\pg_ctl.exe [94720 2016-10-25] (PostgreSQL Global Development Group) [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 TeamPostgreSQL Service; C:\Program Files (x86)\TeamPostgreSQL\misc\teampostgresql-service.exe [197120 2016-10-06] () [File not signed]
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2008-10-02] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-01-11] ()
S3 HpqKbFiltr; C:\Windows\System32\DRIVERS\HpqKbFiltr.sys [18432 2009-04-29] (Hewlett-Packard Development Company, L.P.) [File not signed]
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-10] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-14] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-14] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-14] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-14] (Malwarebytes)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-02-18] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 22:30 - 2017-01-14 22:30 - 00000082 _____ C:\SYNTPAD.LOG
2017-01-13 22:15 - 2017-01-14 14:27 - 00000000 ____D C:\Users\venkat\Desktop\ProcessExplorer
2017-01-13 21:51 - 2017-01-13 21:51 - 01932769 _____ C:\Users\venkat\Downloads\ProcessExplorer.zip
2017-01-13 19:07 - 2017-01-13 19:07 - 00003376 _____ C:\Users\venkat\Desktop\rk_5A32.tmp.txt
2017-01-13 16:38 - 2017-01-15 02:12 - 00000000 ____D C:\Users\venkat\AppData\Local\Apps\2.0
2017-01-13 16:38 - 2017-01-13 16:41 - 00000000 ____D C:\Users\venkat\AppData\Local\Deployment
2017-01-13 15:57 - 2017-01-13 16:10 - 00005767 _____ C:\ProgramData\hpzinstall.log
2017-01-13 15:37 - 2017-01-13 15:37 - 00001413 _____ C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-13 14:59 - 2017-01-13 14:59 - 00006992 ____N C:\bootsqm.dat
2017-01-13 11:03 - 2017-01-13 11:03 - 00110511 _____ C:\Users\venkat\Desktop\bookmarks_1_13_17.html
2017-01-13 11:00 - 2017-01-13 11:00 - 00007616 _____ C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2017-01-13 00:34 - 2017-01-13 00:34 - 00000000 ____D C:\ProgramData\Sophos
2017-01-13 00:33 - 2017-01-13 00:33 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-13 00:33 - 2017-01-13 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-13 00:32 - 2017-01-13 00:32 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-01-13 00:12 - 2017-01-13 00:12 - 00002969 _____ C:\Users\venkat\Downloads\FSS.txt
2017-01-13 00:00 - 2017-01-14 23:19 - 00000290 _____ C:\ProgramData\hpqp.ini
2017-01-13 00:00 - 2017-01-13 00:00 - 00000000 _____ C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 00000000 _____ C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 00000000 _____ C:\Users\venkat\AppData\Local\AtStart.txt
2017-01-12 23:30 - 2017-01-12 23:31 - 160346656 _____ (Sophos Limited) C:\Users\venkat\Downloads\Sophos Virus Removal Tool.exe
2017-01-12 23:29 - 2017-01-12 23:29 - 00899584 _____ (Farbar) C:\Users\venkat\Downloads\FSS.exe
2017-01-12 23:29 - 2017-01-12 23:29 - 00448512 _____ (OldTimer Tools) C:\Users\venkat\Downloads\TFC.exe
2017-01-12 22:23 - 2017-01-12 22:23 - 00852798 _____ C:\Users\venkat\Downloads\SecurityCheck.exe
2017-01-12 09:34 - 2017-01-14 23:34 - 00000000 ____D C:\Users\venkat\Desktop\New folder
2017-01-11 13:13 - 2017-01-11 13:13 - 00000178 _____ C:\lxcy.log
2017-01-11 11:41 - 2017-01-11 11:41 - 00013825 _____ C:\Users\venkat\Desktop\iexplore - Shortcut.lnk
2017-01-10 21:19 - 2017-01-10 21:19 - 00025133 _____ C:\ComboFix.txt
2017-01-10 20:42 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-10 20:42 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-10 20:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-10 20:42 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-10 20:41 - 2017-01-10 21:19 - 00000000 ____D C:\Qoobox
2017-01-10 20:41 - 2017-01-10 21:16 - 00000000 ____D C:\Windows\erdnt
2017-01-10 20:33 - 2017-01-10 20:34 - 05659315 ____R (Swearware) C:\Users\venkat\Desktop\ComboFix.exe
2017-01-10 15:57 - 2017-01-10 15:58 - 00425069 _____ C:\Users\venkat\Downloads\EAd.zip
2017-01-10 15:47 - 2017-01-10 15:48 - 01663040 _____ (Malwarebytes) C:\Users\venkat\Downloads\JRT.exe
2017-01-10 14:43 - 2017-01-10 15:07 - 00000000 ____D C:\AdwCleaner
2017-01-10 14:42 - 2017-01-10 14:43 - 03988944 _____ C:\Users\venkat\Downloads\AdwCleaner.exe
2017-01-10 13:34 - 2017-01-10 13:34 - 00042552 _____ C:\Users\venkat\Desktop\Malwarebytes fix.txt
2017-01-10 13:07 - 2017-01-14 23:32 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-10 13:07 - 2017-01-14 23:19 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-10 13:07 - 2017-01-14 23:19 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-10 13:07 - 2017-01-14 23:19 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-10 13:07 - 2017-01-10 13:07 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-10 13:06 - 2017-01-12 09:42 - 00000000 ____D C:\Users\venkat\AppData\Local\CrashDumps
2017-01-10 13:06 - 2017-01-11 17:44 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-10 13:06 - 2017-01-10 13:45 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 13:06 - 2017-01-10 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 05:18 - 2017-01-10 05:19 - 54199488 _____ (Malwarebytes ) C:\Users\venkat\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-09 20:39 - 2017-01-12 15:11 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-09 20:34 - 2017-01-09 20:34 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-09 20:33 - 2017-01-15 02:12 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-09 20:28 - 2017-01-09 20:30 - 34710200 _____ (Adlice Software ) C:\Users\venkat\Downloads\RogueKiller setup.exe
2017-01-09 12:42 - 2017-01-09 13:24 - 00054237 _____ C:\Users\venkat\Downloads\Addition.txt
2017-01-09 11:16 - 2017-01-09 13:24 - 00057684 _____ C:\Users\venkat\Downloads\FRST.txt
2017-01-08 23:06 - 2017-01-08 23:06 - 00006628 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx.txt
2017-01-08 22:38 - 2017-01-08 22:42 - 00054677 _____ C:\Users\venkat\Downloads\Addition_bkp.txt
2017-01-08 22:32 - 2017-01-08 22:39 - 00003313 _____ C:\Users\venkat\Desktop\My Portfolio.csv
2017-01-08 22:29 - 2017-01-08 22:42 - 00059147 _____ C:\Users\venkat\Downloads\FRST_bkp.txt
2017-01-08 22:23 - 2017-01-14 23:34 - 00000000 ____D C:\FRST
2017-01-08 21:39 - 2017-01-08 21:40 - 02193920 _____ (Farbar) C:\Users\venkat\Downloads\FRST64.exe
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-07 13:42 - 2017-01-07 13:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-07 13:27 - 2017-01-07 13:27 - 00003156 _____ C:\Windows\System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111}
2017-01-06 16:25 - 2017-01-06 16:25 - 00001945 _____ C:\Windows\epplauncher.mif
2017-01-06 16:24 - 2017-01-06 16:24 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-01-06 16:23 - 2017-01-06 16:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-01-06 16:23 - 2017-01-06 16:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-01-05 17:38 - 2017-01-10 20:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-05 17:00 - 2017-01-05 18:18 - 00000034 _____ C:\Users\venkat\Desktop\MCafee SR#.txt
2017-01-05 12:46 - 2017-01-05 12:46 - 00003642 _____ C:\Windows\System32\Tasks\bak3033876k3033876
2017-01-05 12:46 - 2017-01-05 12:46 - 00000000 ___HD C:\Program Files (x86)\wells
2017-01-05 12:44 - 2017-01-05 12:44 - 00000000 ____D C:\Users\venkat\AppData\Local\CEF
2017-01-05 03:42 - 2017-01-05 03:42 - 00010752 _____ C:\Windows\seventeen.exe
2017-01-01 15:47 - 2017-01-01 23:50 - 00009080 _____ C:\Users\venkat\Desktop\Shares Strategy.xlsx
2016-12-31 15:21 - 2016-12-31 15:21 - 00001181 ____N C:\Users\Public\Desktop\TeamPostgreSQL Web Client.lnk
2016-12-31 15:21 - 2016-12-31 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamPostgreSQL
2016-12-31 15:12 - 2016-12-31 15:21 - 00000000 ____D C:\Program Files (x86)\TeamPostgreSQL
2016-12-30 21:40 - 2010-09-11 10:51 - 00439808 _____ (Atheros) C:\Windows\system32\athihvs.dll
2016-12-30 21:34 - 2016-12-30 21:34 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-12-30 21:25 - 2016-12-30 21:25 - 04057776 _____ (Oleg N. Scherbakov) C:\Users\venkat\Downloads\HPSupportSolutionsFramework-12.5.32.203.exe
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\Documents\SafeNet Sentinel
2016-12-30 21:05 - 2016-12-30 21:05 - 00000000 ____D C:\Users\venkat\.spss
2016-12-30 20:32 - 2016-12-30 20:32 - 00000000 ____D C:\Users\venkat\AppData\Roaming\HP TCS
2016-12-30 20:13 - 2016-12-30 20:13 - 00000000 ____D C:\Users\venkat\AppData\Roaming\CyberLink
2016-12-30 20:12 - 2016-12-30 20:12 - 00000000 ____D C:\Users\Public\CyberLink
2016-12-30 20:09 - 2016-12-30 20:12 - 00000000 ____D C:\Users\venkat\Documents\Youcam
2016-12-30 15:13 - 2016-12-31 13:26 - 00000000 ____D C:\Users\venkat\Desktop\Postgres
2016-12-30 12:45 - 2016-12-30 21:37 - 00000000 ____D C:\Users\venkat\AppData\Roaming\pgAdmin
2016-12-29 23:28 - 2016-12-29 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.6
2016-12-29 23:21 - 2016-12-29 23:21 - 00000000 ____D C:\Program Files\PostgreSQL
2016-12-28 17:54 - 2016-12-28 17:54 - 00014785 _____ C:\Users\venkat\Desktop\xe~1.sql
2016-12-28 17:54 - 2016-12-28 17:54 - 00001479 _____ C:\Users\venkat\xe.sql
2016-12-25 18:08 - 2017-01-10 11:13 - 00010932 _____ C:\Users\venkat\Desktop\Important Days & bills.xlsx
2016-12-21 13:34 - 2016-12-21 13:35 - 04700160 _____ C:\Users\venkat\Downloads\remote area.xls
2016-12-20 17:33 - 2016-12-20 19:28 - 00000000 ____D C:\Users\venkat\Desktop\New Technologies
2016-12-17 15:21 - 2016-12-17 16:02 - 00000000 ____D C:\Users\venkat\AppData\Roaming\SQL Developer
2016-12-17 15:21 - 2016-12-17 15:21 - 00001612 ____N C:\Users\venkat\Desktop\sqldeveloper.exe - Shortcut.lnk
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\Users\venkat\AppData\Roaming\sqldeveloper
2016-12-17 15:21 - 2016-12-17 15:21 - 00000000 ____D C:\ProgramData\Oracle
2016-12-17 15:19 - 2016-12-17 15:19 - 00000000 ____D C:\Users\venkat\Desktop\sqldeveloper-4.2.0.16.260.1303-x64
2016-12-17 14:59 - 2016-12-17 14:59 - 00000000 ____D C:\Users\venkat\Oracle
2016-12-17 14:58 - 2016-12-17 14:58 - 00000000 ____D C:\oraclexe
2016-12-17 14:33 - 2016-12-17 14:33 - 00003102 _____ C:\Windows\System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901}
2016-12-17 14:26 - 2016-12-17 14:26 - 00000624 _____ C:\Users\venkat\Desktop\tnsnames.ora
2016-12-17 14:10 - 2017-01-07 22:21 - 00000000 ____D C:\Program Files (x86)\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\ProgramData\Quest Software
2016-12-17 14:10 - 2016-12-17 14:10 - 00000000 ____D C:\Program Files (x86)\Raize
2016-12-17 14:10 - 2005-01-08 03:00 - 00024064 _____ (Raize Software, Inc.) C:\Windows\SysWOW64\CS30Inspectors70.bpl
2016-12-17 13:55 - 2016-12-17 13:55 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Dell
2016-12-17 13:49 - 2016-12-17 13:49 - 00046441 _____ C:\Users\venkat\Downloads\dataDec-17-2016 (1).sql
2016-12-17 13:47 - 2016-12-17 16:01 - 00043163 _____ C:\Users\venkat\Downloads\dataDec-17-2016.sql
2016-12-16 21:01 - 2016-12-28 17:02 - 00000000 ____D C:\Users\venkat\Desktop\Freelancers

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-15 02:12 - 2016-07-16 02:53 - 00000000 ____D C:\Users\venkat\AppData\Roaming\BitTorrent
2017-01-15 02:12 - 2016-06-06 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-01-15 02:12 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2017-01-15 02:12 - 2010-01-13 17:08 - 00000000 ____D C:\Users\Apoorva
2017-01-15 02:12 - 2009-08-21 14:55 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-01-15 02:12 - 2009-08-21 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-15 02:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-01-15 02:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2017-01-15 02:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-15 02:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2017-01-15 02:10 - 2009-08-21 12:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2017-01-15 02:10 - 2009-07-16 18:15 - 00000000 ____D C:\SwSetup
2017-01-15 02:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2017-01-15 02:09 - 2009-08-21 12:25 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-01-15 01:52 - 2010-04-21 18:27 - 00000000 ____D C:\ProgramData\Recovery
2017-01-14 23:30 - 2009-09-30 08:38 - 01608917 _____ C:\Windows\WindowsUpdate.log
2017-01-14 23:30 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-14 23:30 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-14 23:18 - 2016-05-20 07:25 - 00117144 _____ C:\Users\venkat\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-14 23:18 - 2009-07-13 23:51 - 00205686 _____ C:\Windows\setupact.log
2017-01-14 23:17 - 2016-07-23 04:40 - 00000000 ____D C:\ProgramData\VMware
2017-01-14 23:17 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat
2017-01-14 23:17 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-14 22:04 - 2016-05-20 07:26 - 00000000 ____D C:\Users\venkat\AppData\Roaming\hpqlog
2017-01-13 19:53 - 2009-09-30 09:27 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-13 16:24 - 2011-06-27 18:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-13 16:20 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-13 16:20 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-01-13 16:12 - 2009-07-13 23:45 - 00437024 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-13 16:11 - 2016-05-20 07:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-13 16:11 - 2010-01-13 18:10 - 00516984 _____ C:\Windows\PFRO.log
2017-01-13 16:08 - 2009-08-21 14:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-13 16:04 - 2011-01-08 18:46 - 00000000 ____D C:\ProgramData\HP
2017-01-13 16:00 - 2010-12-22 22:28 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job
2017-01-13 15:57 - 2009-08-21 14:06 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-13 15:46 - 2009-08-21 12:55 - 00000000 ____D C:\Program Files (x86)\HP Games
2017-01-13 15:44 - 2009-08-21 12:55 - 00000000 ____D C:\ProgramData\WildTangent
2017-01-13 15:37 - 2010-01-13 17:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-13 15:01 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-01-13 01:00 - 2010-12-22 22:28 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job
2017-01-12 16:54 - 2016-07-16 10:26 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Skype
2017-01-12 10:12 - 2016-08-01 04:54 - 00000000 ____D C:\Users\venkat\AppData\Roaming\Notepad++
2017-01-10 21:48 - 2016-10-28 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-10 21:19 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2017-01-10 21:13 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2017-01-10 21:11 - 2016-05-20 07:54 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 21:11 - 2016-05-20 07:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 21:11 - 2011-10-12 09:30 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 21:11 - 2011-10-12 09:30 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 21:11 - 2009-08-21 12:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 20:36 - 2016-10-28 22:09 - 00000000 ____D C:\Program Files\McAfee
2017-01-10 18:19 - 2016-09-21 19:18 - 00000000 ____D C:\Users\venkat\Desktop\EAD
2017-01-10 13:25 - 2010-01-13 17:30 - 00002054 _____ C:\Users\Public\Desktop\Accessories.lnk
2017-01-09 20:14 - 2016-07-24 08:59 - 00000000 ____D C:\ProgramData\LightScribe
2017-01-09 17:23 - 2016-07-17 09:06 - 00000235 _____ C:\Users\venkat\Desktop\bags with tsa locks.txt
2017-01-08 21:00 - 2010-01-13 17:15 - 00118592 _____ C:\Users\Apoorva\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-08 20:55 - 2010-12-22 22:29 - 00002285 _____ C:\Users\Apoorva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 20:55 - 2010-12-22 22:29 - 00002255 _____ C:\Users\Apoorva\Desktop\Google Chrome.lnk
2017-01-08 13:51 - 2016-07-24 10:36 - 00000000 ____D C:\Users\venkat\AppData\Local\Downloaded Installations
2017-01-08 13:10 - 2010-09-12 17:57 - 00000000 ____D C:\Users\Apoorva\Documents\My Received Files
2017-01-07 23:23 - 2016-07-23 04:53 - 00000000 ____D C:\Users\venkat\AppData\Roaming\VMware
2017-01-07 13:49 - 2016-07-24 11:52 - 00000000 ____D C:\ProgramData\Nero
2017-01-07 13:41 - 2016-07-24 11:54 - 00000188 _____ C:\Windows\SysWOW64\MsiExec.exe.log
2017-01-07 11:04 - 2016-05-20 07:23 - 00000000 ____D C:\Users\venkat\AppData\Local\VirtualStore
2017-01-06 20:40 - 2011-09-30 10:21 - 00000000 ____D C:\Windows\Minidump
2017-01-05 22:13 - 2016-07-16 03:03 - 00000000 ____D C:\Users\venkat\Desktop\Movies
2017-01-05 18:28 - 2016-10-28 22:14 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-05 18:27 - 2016-10-28 22:14 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-01-05 18:21 - 2016-10-28 22:08 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-01-05 17:09 - 2009-07-14 00:13 - 00786806 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-05 17:04 - 2016-10-28 21:47 - 00000000 ____D C:\Users\venkat\AppData\Local\LogMeIn Rescue Applet
2017-01-05 12:42 - 2016-05-28 03:09 - 00002327 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-01-05 12:42 - 2016-05-20 07:24 - 00002157 ____R C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2017-01-05 12:41 - 2016-05-28 03:09 - 00002315 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-12-31 15:26 - 2016-07-26 07:01 - 00000000 ____D C:\Users\venkat\AppData\Roaming\BITS
2016-12-31 10:13 - 2010-01-31 21:52 - 00000000 ____D C:\Program Files\Google
2016-12-30 23:25 - 2011-06-27 18:48 - 00000000 ____D C:\ProgramData\Skype
2016-12-30 23:25 - 2010-01-13 17:57 - 00000000 ____D C:\ProgramData\Google
2016-12-30 21:40 - 2011-04-16 17:15 - 00000000 ____D C:\Windows\system32\nn-NO
2016-12-30 21:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2016-12-30 21:29 - 2016-05-20 07:26 - 00000000 ____D C:\Users\venkat\AppData\Local\Hewlett-Packard
2016-12-30 20:48 - 2011-04-22 22:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-30 20:17 - 2011-02-26 22:03 - 00000000 ____D C:\ProgramData\UAB
2016-12-30 20:10 - 2009-08-21 13:48 - 00000000 ____D C:\ProgramData\CyberLink
2016-12-29 23:19 - 2016-07-24 10:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 16:10 - 2016-09-15 21:04 - 00000087 _____ C:\Users\venkat\AppData\default.pls
2016-12-17 14:37 - 2010-01-13 17:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-16 17:54 - 2010-02-15 13:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 17:54 - 2010-02-15 13:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-01-13 00:00 - 2017-01-13 00:00 - 0000000 _____ () C:\Users\venkat\AppData\Local\AtStart.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 0000000 _____ () C:\Users\venkat\AppData\Local\DSwitch.txt
2017-01-13 00:00 - 2017-01-13 00:00 - 0000000 _____ () C:\Users\venkat\AppData\Local\QSwitch.txt
2017-01-13 11:00 - 2017-01-13 11:00 - 0007616 _____ () C:\Users\venkat\AppData\Local\Resmon.ResmonCfg
2017-01-13 00:00 - 2017-01-14 23:19 - 0000290 _____ () C:\ProgramData\hpqp.ini
2017-01-12 23:08 - 2017-01-14 23:26 - 0001099 _____ () C:\ProgramData\HPWALog.txt
2017-01-13 15:57 - 2017-01-13 16:10 - 0005767 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-07-08 21:25

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by venkat (2017-01-14 23:35:39)
Running from C:\Users\venkat\Desktop\New folder
Windows 7 Home Premium Service Pack 1 (X64) (2010-01-13 22:08:49)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3623452270-2088294941-995359613-500 - Administrator - Disabled)
Apoorva (S-1-5-21-3623452270-2088294941-995359613-1001 - Administrator - Enabled) => C:\Users\Apoorva
Guest (S-1-5-21-3623452270-2088294941-995359613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3623452270-2088294941-995359613-1002 - Limited - Enabled)
venkat (S-1-5-21-3623452270-2088294941-995359613-1003 - Administrator - Enabled) => C:\Users\venkat
__vmware_user__ (S-1-5-21-3623452270-2088294941-995359613-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
BitTorrent (HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3115 - CyberLink Corp.)
FlashGet 3.3 (HKLM-x32\...\FlashGet 3.3) (Version: 3.3.0.1092 - http://www.FlashGet.com)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{4E432692-A736-4F77-AF77-F9078CF88D31}) (Version: 3.50.11.2 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Java(TM) 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
PostgreSQL 9.6 (HKLM\...\PostgreSQL 9.6) (Version: 9.6 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.2.0 - Adlice Software)
RPS CRT (x32 Version: 9.0.40 - Bell) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TeamPostgreSQL 1.07 (HKLM-x32\...\0115-9748-2388-7305) (Version: 1.07 - Webworks SA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
VMware Workstation (HKLM-x32\...\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}) (Version: 6.5.1.5078 - VMware, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM-x32\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-01-2017 15:57:07 JRT Pre-Junkware Removal
13-01-2017 00:29:15 Installed Sophos Virus Removal Tool.
13-01-2017 15:47:12 Removed VEX Programming Driver 64-bit.
13-01-2017 15:48:21 Removed PASW Statistics 18.
13-01-2017 16:18:11 Windows Modules Installer
13-01-2017 16:22:54 Removed Skype Click to Call
13-01-2017 16:31:38 Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
13-01-2017 16:53:27 Windows Modules Installer
13-01-2017 19:43:54 Windows Modules Installer
13-01-2017 20:14:18 Removed HP Setup
13-01-2017 21:47:29 Removed HP Support Assistant.
14-01-2017 22:04:18 Configured HP Quick Launch Buttons
14-01-2017 22:20:52 Configured HP Quick Launch Buttons

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-01-05 16:17 - 2017-01-10 21:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C79267-0EC4-4985-882D-E7E935DB911B} - System32\Tasks\{F2F30F23-07ED-45A3-849C-B55476ECCFAF} => C:\Program Files (x86)\FirstClass\fcc32.exe
Task: {0E1DB523-5AB8-4747-85EA-BEEB91AA4867} - System32\Tasks\{E7958005-452C-41D7-9DF8-14E78BEBCCB6} => Chrome.exe http://ui.skype.com/ui/0/5.3.0.116....google-chrome:notoffered;ienotdefaultbrowser2
Task: {13F33A43-6318-47FD-A3C7-16E5BE070570} - System32\Tasks\{05D8699E-CC8C-47DF-99BE-26F68EB63901} => pcalua.exe -a F:\venkat\DATA\OracleXEClient.exe -d F:\venkat\DATA
Task: {1AA42887-21B2-4795-BF03-B9A3BD780FAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-07] (HP Inc.)
Task: {21D3B24C-5B7C-460F-B519-25DA61FEF396} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-08] (Hewlett-Packard)
Task: {3AB3CA47-0F53-487F-9244-90E5D4042065} - System32\Tasks\{EA460A63-A1D1-4BFF-AD39-98B87763B670} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
Task: {400A1DFE-1699-46DC-AD0E-AB676CE8C7D3} - System32\Tasks\{FAF9B758-61CE-4ECD-BF20-E49B8D2241F6} => pcalua.exe -a C:\Users\Apoorva\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\Apoorva\Downloads
Task: {4ACE4019-02FA-4113-AAC4-5A1139E418F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {4B95C303-C0C1-4521-936B-3EB156890FAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {4D45399D-586E-42BF-BCD2-573CAB8B6119} - System32\Tasks\{6823A56D-DDC6-4B70-B152-0D965D06C1A3} => F:\adobe-master-cs4-keygen.exe
Task: {5309CFE5-ED98-40BB-B579-0914BAE25204} - System32\Tasks\{A86CC31E-76A7-4341-89DD-75CE59D7457D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -c -runfromtemp -l0x0009 -uninst -removeonly
Task: {53DF5D7F-66C9-4DE1-AE88-D45C11632981} - System32\Tasks\{97AE6B8B-F48F-4D2B-8286-745C193C3C2C} => F:\adobe-master-cs4-keygen.exe
Task: {65A3F676-92BC-4873-9F12-6B183064BC8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {761F6C41-F669-4B38-AB34-C0E89AB3028A} - System32\Tasks\{5FE19C52-A260-4A87-AC2C-1DB8E2FD4111} => pcalua.exe -a "C:\Program Files (x86)\Windows Live Safety Center\wlschost.exe" -c -Uninstall
Task: {7A746220-D1E7-4DE8-B7C1-2A98F0C76856} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-18] (Google Inc.)
Task: {7B23C974-6F2B-4C8D-9E6B-2F4593FB6682} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {80BBF6EC-4102-4BBA-B843-3A55F21260AA} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {84F43933-098E-4187-BC12-ED32FB2D859B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-10-11] (McAfee, Inc.)
Task: {8AC9B359-2774-4C42-945D-96972DDDD3C2} - System32\Tasks\{A62FE67E-04F7-4FA7-ADAE-6AAE7C264E12} => F:\adobe-master-cs4-keygen.exe
Task: {9315B6A8-3E47-463E-9AEF-7CA62B1EEDC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {A100F944-0708-46F3-B701-70A612F256F7} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {A8C5C8E1-A339-4625-9317-2950683F350F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {D2D44C00-FD62-4039-AE4B-FA5E4BF9C508} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D92E1664-B5CB-4742-B020-DA5C814F91B3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {DB481021-DDF9-4603-B123-946F004563B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DCDC0242-F5FE-48C2-8944-D77046A0C242} - System32\Tasks\{B6493AA2-6DCF-4DB4-8540-1313591AD2B7} => F:\adobe-master-cs4-keygen.exe
Task: {E3E4A235-E952-40C3-85FC-2789F325AAE5} - System32\Tasks\bak3033876k3033876 => C:\Program Files (x86)\leander\leander.exe
Task: {E633B6EB-CFDB-4ADB-A6AD-81F9206A1587} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {EF3D6DEF-1AE9-4A8B-8A71-6114B5E4CBF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-17] (Hewlett-Packard Company)
Task: {F5ED44E4-7C17-4D17-AC67-BD0DA4B35077} - System32\Tasks\{420B1986-45F9-4D13-9576-68D05B728CDD} => F:\adobe-master-cs4-keygen.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001Core.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623452270-2088294941-995359613-1001UA.job => C:\Users\Apoorva\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2017-01-07 13:43 - 2017-01-11 17:44 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-07-23 04:23 - 2010-03-15 00:58 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-11-27 12:55 - 2016-11-27 12:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3623452270-2088294941-995359613-1003\...\kuaiche.com -> hxxp://software.kuaiche.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3623452270-2088294941-995359613-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\venkat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AEFE6630-389E-44DF-82F3-9485A7A6FD6A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{CD3BBA8F-D17B-418B-B56F-F8B2608FFAAB}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{3D774B82-31A0-4C83-881F-4A06ED7619BA}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{14C6C2AC-2EDB-4705-9A83-364F97376224}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{73288AF7-2806-4D81-A131-053D89D47F0C}] => (Allow) C:\Users\Apoorva\Downloads\Bitcomet\BitComet.exe
FirewallRules: [{47FC9419-5892-47CA-B917-915EA4362EA5}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{9F022428-26EC-44CC-A40F-F6E7C0191156}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{0C4814E0-119B-4F84-9444-7989C1985B37}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{F3DC371C-4528-494E-8DE9-5C35ED44EAD1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{46D10E6C-F4DC-4E78-9BCC-E9DAF8919A5F}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{F48B909D-B583-42E0-AF37-3197053845FA}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{7393CE50-32F0-48CC-A376-EC1B9F59E385}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{ADF450EF-2A82-4C17-AC44-006380307EC6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{01AD65CD-19EA-4FA8-A727-7F95AF4E8574}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DEE232A2-F0BE-4EB1-9E1C-0109C368E6EF}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{C5D0C97C-7162-477A-902E-C069810DF6C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{8662FEFB-4A27-4D64-A82D-73ABE4C1C88A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{6BF1A9AF-9E34-477A-8CF1-7B41546E1E47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{17ED5779-2164-46E0-8E9F-01A66A91DCF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C4ED4A68-B3ED-4552-AC94-894659188A51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{BFCB4B69-A999-4840-8C2C-AE4A83A48F37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{FF52AFEB-0A7E-4049-8FA6-745427DC305F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{EBB4F998-53A1-4361-AEAB-1CF260C6C585}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{68B26E8D-C2AF-40B9-8390-7F701DC8A6CA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{16C4A618-F814-4845-8A60-0B4ECD8E8A32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C7B04456-7990-43AA-B8F4-BB700129395B}] => (Allow) svchost.exe
FirewallRules: [{433D8BC5-FC16-444C-AF78-7A9630EC5976}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9D896ACF-4069-49CF-850B-E29E594015F9}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{954892B4-46AF-43D2-8FC4-F2A27ED3F2FE}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe
FirewallRules: [{C8BC2726-ACC8-4AB4-A3B9-00762493D0F6}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4FDCF821-2B16-45C3-9EA6-AE259B4E6764}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{4E82F33F-C870-44BA-8642-4D75868180E8}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{C1828FFF-05CF-488B-A7CE-EA3E54888C6E}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{B6B4FE57-8DE8-473E-89BE-BA346E80B818}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{EAFC6447-CCF0-4ACB-A4DB-6128764B0CB5}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{4DDB8838-4FB0-4C42-B881-A0B0BA19E0FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{197BDDFC-5E69-4551-ACB7-10CF33684645}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{F7C17022-D05C-4358-B584-6EAFC61F0590}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [UDP Query User{370E9F8A-6264-4DB5-BB55-E45F3E8C9FC2}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe] => (Block) C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe
FirewallRules: [{E3D44FAE-A6D8-4378-AA27-F55F0DAF83C4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A6CA6B5-C57A-4F0D-8D20-474FF804A814}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{D378E215-5A71-4506-80FF-6FA1BBFF9645}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{8609C6CF-FC48-4942-9D81-AA44483D2804}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{EDA7D9FD-3485-41A7-BAC7-7308CDC798F6}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{7B6AE310-337D-4302-858F-EDFD2E2D8F24}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{2C0FE087-8539-4604-A7AD-492226CCA3A4}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{E4E5E4BE-AFB3-4BE3-B4DA-9F8A65AA78BB}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{CB34981A-B7C8-4CF5-B04D-DB2B898FCE79}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{94A7E039-4028-4F49-A11D-00E709D996C2}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{FF753986-7706-4B2C-A39C-9C96EB1FE880}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
FirewallRules: [{8EA72A0D-BD79-4ED2-8BF5-4C2737B06E0E}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{729F16B0-117F-493A-B125-AE2D36AA2B2C}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe
FirewallRules: [{D5A1A7A3-074D-4010-8152-848D7772DA60}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{4B8026D1-DC47-4723-A2EB-5702476D268E}] => (Allow) C:\Windows\System32\lxcycoms.exe
FirewallRules: [{893F4CF6-6E71-4140-B976-65E37B87C634}] => (Allow) LPort=135
FirewallRules: [{4723771B-437C-4765-95FA-278C9E7E0455}] => (Allow) LPort=5000
FirewallRules: [{98FAB258-07BE-462B-BD2D-C99E621C7463}] => (Allow) LPort=5001
FirewallRules: [{337E4CE1-CD3D-414A-B956-5BCD0DDFA588}] => (Allow) LPort=5002
FirewallRules: [{D1B32D62-5643-44C2-8237-9ECEC69FA6F5}] => (Allow) LPort=5003
FirewallRules: [{AAB6F790-7E12-42B4-AA84-8B7D5DBBD127}] => (Allow) LPort=5004
FirewallRules: [{40505419-B36F-4ED9-99E1-333C30352BBE}] => (Allow) LPort=5005
FirewallRules: [{79F935B9-5F45-4749-B1E9-46B53833A916}] => (Allow) LPort=5006
FirewallRules: [{9B1C853D-5AF9-4398-8790-F33A30F41CC9}] => (Allow) LPort=5007
FirewallRules: [{7A7DD6BE-A3FD-466B-8AEF-B6EF42656EAA}] => (Allow) LPort=5008
FirewallRules: [{BF392420-ABB5-4021-A31B-11959EA4D6F4}] => (Allow) LPort=5009
FirewallRules: [{E4E85B71-49EE-4C9E-8386-FFA06766BB02}] => (Allow) LPort=5010
FirewallRules: [{79C52F32-7ABB-4A07-8B95-763A4AA511AD}] => (Allow) LPort=5011
FirewallRules: [{F746FA93-DB05-42A5-8AEC-F2ED445AB863}] => (Allow) LPort=5012
FirewallRules: [{98EC8327-FA6C-4DCC-AA5B-F2BBF58BCE12}] => (Allow) LPort=5013
FirewallRules: [{24D4CA68-6B12-417E-955A-8F05673BDD37}] => (Allow) LPort=5014
FirewallRules: [{E5D31E9E-DFFD-4A4B-A73B-E7D856740894}] => (Allow) LPort=5015
FirewallRules: [{39F739A5-8154-4D47-9F08-AF4D754ED623}] => (Allow) LPort=5016
FirewallRules: [{A4C08BDE-D1AA-48A8-A116-8662DD488E14}] => (Allow) LPort=5017
FirewallRules: [{D2A12F58-F605-4230-90FB-6856FDD8CA2C}] => (Allow) LPort=5018
FirewallRules: [{ACD18103-2A45-435F-BB0A-35DC7EB216BE}] => (Allow) LPort=5019
FirewallRules: [{D515A646-46D6-45B5-8D82-ABE09399B6A3}] => (Allow) LPort=5020
FirewallRules: [{90D50485-A642-4384-B7FA-98D91C227441}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{5790F44F-371D-45A6-89D7-52200AE8ED1F}] => (Allow) C:\Users\venkat\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{27E47AA8-1635-451E-9B12-6D3B39F0FB7C}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0E8E89E2-E554-4C77-8774-25C0619E5E1A}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8873BAFF-3CE1-4F6C-8D2F-D41F2A936F60}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4A845098-E8BF-4FB5-879E-ABDC2EAA4C24}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{01222CD2-A8E5-47D6-8622-79FB6885A97B}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BE191360-1E8D-40FC-A910-673F07745296}] => (Allow) C:\Users\venkat\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1267A1C0-8A4B-490B-8BF2-CDD32655589E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{8AF4AB71-B2CC-46DE-8C86-4D9D2A8BD1B3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{3A2BE009-AD59-49F2-8788-61AE5F20B5DC}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{3CE1E5FE-7010-4290-96EE-2B1B9E36D19F}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [TCP Query User{D5D0CA2B-67BE-46FB-9633-8327688037E0}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{00EDC32E-363B-4443-87C3-29495E6499D4}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{69ED8510-C0D7-4FE0-9B70-4C47219A27EB}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
FirewallRules: [UDP Query User{5223A622-1565-4093-89D5-AFD8738D2ED2}C:\program files (x86)\teampostgresql\misc\teampostgresql.exe] => (Allow) C:\program files (x86)\teampostgresql\misc\teampostgresql.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2017 09:27:32 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: Timed out waiting for server startup

Error: (01/13/2017 04:14:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 04:14:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 04:14:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 10:36:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SVRTservice.exe, version: 2.5.6.0, time stamp: 0x57a08f4f
Faulting module name: control.dll, version: 2.5.6.0, time stamp: 0x57a08f38
Exception code: 0xc00000fd
Fault offset: 0x00111600
Faulting process id: 0x404
Faulting application start time: 0xSVRTservice.exe0
Faulting application path: SVRTservice.exe1
Faulting module path: SVRTservice.exe2
Report Id: SVRTservice.exe3

Error: (01/12/2017 09:42:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.0.0.865, time stamp: 0x584ee8a0
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x5849a1dc
Exception code: 0xc0000005
Fault offset: 0x00192cf1
Faulting process id: 0x11b0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Apoorva-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Apoorva-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Apoorva-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (01/11/2017 01:10:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\venkat\ntuser.dat


System errors:
=============
Error: (01/14/2017 11:33:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/14/2017 11:33:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/14/2017 11:33:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/14/2017 11:33:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/14/2017 11:33:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/14/2017 11:33:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/14/2017 11:33:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/14/2017 11:33:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/14/2017 11:33:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/14/2017 11:33:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
Date: 2017-01-14 23:31:44.317
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 23:31:44.192
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 22:31:58.869
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 22:31:58.729
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 22:26:51.189
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 22:26:51.064
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 22:08:23.408
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 22:08:23.283
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 21:30:51.302
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-14 21:30:49.929
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HpqKbFiltr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 29%
Total physical RAM: 3999.19 MB
Available physical RAM: 2813.16 MB
Total Virtual: 7996.56 MB
Available Virtual: 6864.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.41 GB) (Free:120.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.49 GB) (Free:2.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 098B9E73)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Process CPU Private Bytes Working Set PID Description Company Name Command Line
System Idle Process 97.45 0 K 24 K 0
System 0.04 332 K 10,116 K 4
Interrupts 0.54 0 K 0 K n/a Hardware Interrupts and DPCs
smss.exe 440 K 1,092 K 264 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 1,876 K 3,820 K 340 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe 1,388 K 4,380 K 376 Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe < 0.01 3,364 K 6,616 K 444 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 4,020 K 8,816 K 592 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
WmiPrvSE.exe 2,648 K 6,180 K 448 WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
svchost.exe 2,708 K 6,064 K 668 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
MsMpEng.exe < 0.01 81,880 K 50,860 K 716 Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
svchost.exe 6,936 K 9,596 K 848 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 0.01 10,760 K 17,292 K 880 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe < 0.01 7,892 K 5,896 K 944 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
MBAMService.exe < 0.01 24,768 K 40,400 K 984 Malwarebytes Service Malwarebytes "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
lsass.exe 2,988 K 8,920 K 452 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 2,404 K 4,084 K 460 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 0.54 2,260 K 5,716 K 388 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 1,696 K 5,292 K 500 Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 0.03 45,908 K 58,112 K 1540 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
ctfmon.exe 1,960 K 4,148 K 1632 CTF Loader Microsoft Corporation ctfmon.exe
procexp64.exe 0.52 16,912 K 33,288 K 1316 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\venkat\Desktop\ProcessExplorer\procexp64.exe"
osk.exe 0.87 5,232 K 12,228 K 1672 Accessibility On-Screen Keyboard Microsoft Corporation "C:\Windows\System32\osk.exe"
 
Aha. In Safe Mode CPU usage is normal.
Restart in normal mode and...

Go Start>Run (Start Search in Vista/7), type in:
msconfig
Click OK (hit Enter in Vista/7).
Windows 8/8.1 users. Press Windows logo key
and start typing the following:
msconfig
Press Enter.

Click on Startup tab.
Click Disable all
IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use a different firewall than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Generate fresh PE log.
 
Process CPU Private Bytes Working Set PID Description Company Name Command Line
System Idle Process 13.40 0 K 24 K 0
System 0.14 192 K 624 K 4
Interrupts 0.51 0 K 0 K n/a Hardware Interrupts and DPCs
smss.exe 436 K 468 K 280 Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe < 0.01 1,956 K 2,160 K 388 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
conhost.exe 876 K 604 K 1236 Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe "1393710062-15814177931220979305-19677013391101874342-1442590217183087757216952
wininit.exe 1,476 K 892 K 440 Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 5,948 K 5,112 K 544 Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 4,156 K 4,276 K 664 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
WmiPrvSE.exe 2,964 K 3,828 K 2232 WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
WmiPrvSE.exe 3,464 K 7,956 K 2884 WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
svchost.exe < 0.01 3,684 K 3,932 K 744 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
MsMpEng.exe 27.37 114,972 K 91,292 K 820 Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
svchost.exe 18,224 K 10,544 K 916 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 16,260 K 13,884 K 436 Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x2e0
svchost.exe 167,004 K 158,872 K 956 Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
wlanext.exe 1,920 K 2,012 K 1216 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation C:\Windows\system32\WLANExt.exe 4684096
dwm.exe 0.25 53,048 K 21,920 K 2456 Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe < 0.01 6,428 K 5,780 K 988 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 49.02 1,607,500 K 1,313,692 K 1012 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 1,972 K 3,252 K 2404 Task Scheduler Engine Microsoft Corporation taskeng.exe {CD457725-F166-4236-9A50-DD2BB5164F8A}
taskeng.exe < 0.01 1,992 K 5,132 K 3816 Task Scheduler Engine Microsoft Corporation taskeng.exe {8D753F40-8A85-4951-AE68-01990BA99504}
ActiveHealth.exe 7.92 38,000 K 46,192 K 3848 HP Active Health HP Inc. "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe" -source HPSA
taskeng.exe 1,772 K 4,908 K 816 Task Scheduler Engine Microsoft Corporation taskeng.exe {7B0B0D6B-5DB3-44B2-8AA2-46F7D4F838DC}
svchost.exe < 0.01 15,144 K 8,004 K 1072 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
spoolsv.exe 6,460 K 3,188 K 1312 Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
svchost.exe 14,028 K 7,616 K 1340 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 6,392 K 5,700 K 1488 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
svchost.exe 1,320 K 812 K 1512 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k HsfXAudioService
SeaPort.exe 4,136 K 3,680 K 1752 Microsoft SeaPort Search Enhancement Broker Microsoft Corporation "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
vmnat.exe < 0.01 1,360 K 1,056 K 1840 VMware NAT Service VMware, Inc. C:\Windows\SysWOW64\vmnat.exe
vmnetdhcp.exe 1,192 K 964 K 1888 VMware VMnet DHCP service VMware, Inc. C:\Windows\SysWOW64\vmnetdhcp.exe
taskhost.exe < 0.01 7,724 K 4,700 K 2352 Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
NisSrv.exe 15,700 K 9,240 K 2604 Microsoft Network Realtime Inspection Service Microsoft Corporation "c:\Program Files\Microsoft Security Client\NisSrv.exe"
SearchIndexer.exe < 0.01 32,024 K 14,268 K 2624 Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe < 0.01 2,796 K 7,464 K 3516 Microsoft Windows Search Protocol Host Microsoft Corporation "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
SearchFilterHost.exe 1,804 K 4,804 K 3884 Microsoft Windows Search Filter Host Microsoft Corporation "C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
wmpnetwk.exe 0.01 15,296 K 6,064 K 2908 Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
TrustedInstaller.exe 2,780 K 6,484 K 2196 Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
svchost.exe 1,516 K 4,096 K 2848 Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k SDRSVC
HPSupportSolutionsFrameworkService.exe < 0.01 48,716 K 43,252 K 3988 HP Support Solutions Framework Service Hewlett-Packard Company "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
lsass.exe 0.27 3,924 K 6,040 K 552 Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 2,412 K 2,012 K 560 Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 0.05 2,216 K 5,984 K 456 Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 2,740 K 1,628 K 504 Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 0.02 41,684 K 38,340 K 2484 Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
SynTPEnh.exe < 0.01 3,604 K 3,328 K 2772 Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
SynTPHelper.exe 1,184 K 1,264 K 2272 Synaptics Pointing Device Helper Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
procexp64.exe 1.02 19,908 K 35,692 K 2964 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\venkat\Desktop\ProcessExplorer\procexp64.exe"
QLBCtrl.exe 2,444 K 5,100 K 2140 Quick Launch Buttons Hewlett-Packard Development Company, L.P. "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
 
This is not good.
Go back to "msconfig" and reverse all changes.

I'm not sure what's going on here.
At this point...

In this forum, we make sure your computer is free of malware, and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 
That makes sense, Broni. Thanks a lot for your help. I could really feel the difference now. Only one question from my side: can I uninstall Malwarebytes, which is frequently asking me to renew or activate to premium, and the other tools we installed as part of the clean-up, like RogueKiller and MSE? I will install McAfee back on my system as I still have a license for some time.
 
Step 1 below will remove most tools we used.
Remove the rest manually...

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 
Thanks for your help, Broni. I feel much better with the laptop now, except for the CPU usage, which someone says can't be fixed. But there should be something to fix it, as there is no hardware issue as of now. I am now not even installing Chrome, and am using a portable version of Chrome. Maybe I should check if such things are available for the few tools I am using, to make this even better.
 
As I said before...

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
 