Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by Rohan (administrator) on 15-3542 (29-09-2015 18:56:03)
Running from C:\Users\Rohan\Desktop
Loaded Profiles: Rohan (Available Profiles: Rohan)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\AbtSvcHost_.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
() C:\Users\Rohan\AppData\Local\Temp\msupdate71\dwm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-01-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-14] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487561 2010-08-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [GoogleChromeAutoLaunch_AAE9DCB2F2146D6A0245F7C8BCEFCD32] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\Rohan\AppData\Local\Temp\mdi264.dll,dalmat <===== ATTENTION
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msnoimtum.exe <===== ATTENTION
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
Startup: C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-09-24]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A183545B-D8EC-4C51-85CA-0EC23DE65810}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> OldSearch URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MB2A96FCF-3E5A-49A5-A0B0-B6A42A144B64&SearchSource=58&CUI=&UM=8&UP=SP31AC7359-8CAA-4445-A515-7CFB40DDFD1A&q={searchTerms}&SSPV=SP22011TB_sp_ie
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_15_03_other&cd=2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCyD0CtBzyyEyCtC0C0FzytN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtB0FtBzy0EyD0CtGzzyCzyzytG0E0AyEzytGzytDtCyEtGyDyDyE0ByD0DyD0AzytB0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtDtAzztCzztByBtG0CtB0D0CtGyE0B0DzytGzytB0EyEtGtA0ByEzytByCtCyByCyBzz0E2Q&cr=862411700&ir=
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.in/
CHR StartupUrls: Default -> "hxxps://www.google.co.in/"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&from=kint1&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www.oursurfing.com
CHR DefaultSuggestURL: Default -> hxxp://www.dealhub.club/oursurfing/suggest.php?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-17]
CHR Extension: (Replace New Tab Page) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja [2015-09-11]
CHR Extension: (SiteAdvisor) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-09]
CHR Extension: (AdBlock) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (OurSurfing) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljhaejgjpehlnjnejmigjonkchjadnnp [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AbtSvcHost; C:\Windows\SysWOW64\AbtSvcHost_.exe [84376 2014-06-11] (Absolute Software Corp.)
S2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [5457920 2012-09-24] (ANSYS, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-05] (Nero AG) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-01-24] (SolidWorks) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-10-15] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-05-13] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U2 McMPFSvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
CompanyName} ) C:\Users\Rohan\Downloads\RecoverMyFiles-Setup.exe
2015-09-29 18:56 - 2015-09-29 18:56 - 00026088 _____ C:\Users\Rohan\Desktop\FRST.txt
2015-09-29 18:55 - 2015-09-29 18:56 - 00000000 ____D C:\FRST
2015-09-29 18:55 - 2015-09-29 18:55 - 02192384 _____ (Farbar) C:\Users\Rohan\Desktop\FRST64.exe
2015-09-29 11:56 - 2015-09-29 18:13 - 00000167 _____ C:\ProgramData\SMartCallMonitorEvent.xml
2015-09-29 11:55 - 2015-09-29 11:55 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-09-29 11:54 - 2015-09-29 11:54 - 00000000 ____H C:\ProgramData\cm-lock
2015-09-29 02:06 - 2015-09-29 02:06 - 00094998 _____ C:\Users\Rohan\Downloads\[kat.cr]quantico.s01e01.720p.hdtv.x264.dimension.rartv.torrent
2015-09-28 23:44 - 2015-09-29 15:01 - 00002790 _____ C:\Windows\setupact.log
2015-09-28 23:44 - 2015-09-28 23:44 - 00008842 _____ C:\Windows\PFRO.log
2015-09-28 23:44 - 2015-09-28 23:44 - 00000000 _____ C:\Windows\setuperr.log
2015-09-28 18:42 - 2015-09-28 18:44 - 08614046 _____ C:\Users\Rohan\Downloads\CAPTCHA_Cracking-2015-09-28 (1).zip
2015-09-28 13:35 - 2015-09-28 13:37 - 08614040 _____ C:\Users\Rohan\Downloads\CAPTCHA_Cracking-2015-09-28.zip
2015-09-27 20:31 - 2015-09-27 20:31 - 00097814 _____ C:\Users\Rohan\Downloads\OCR.zip
2015-09-27 20:22 - 2015-09-27 20:22 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Subversion
2015-09-27 20:22 - 2015-09-27 20:22 - 00000000 ____D C:\Users\Rohan\AppData\Local\MathWorks
2015-09-27 19:23 - 2015-09-27 19:23 - 00000767 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
2015-09-27 19:23 - 2015-09-27 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2015-09-27 19:22 - 2015-09-29 13:05 - 00000490 _____ C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2015-09-27 19:22 - 2015-09-27 19:22 - 00003668 _____ C:\Windows\System32\Tasks\MATLAB R2014a Startup Accelerator
2015-09-27 19:22 - 2015-09-27 19:22 - 00000000 ____D C:\ProgramData\MathWorks
2015-09-27 18:03 - 2015-09-27 18:03 - 00600220 _____ C:\Users\Rohan\Downloads\MathworksMatlabR2014a-CYGiSO.rar
2015-09-27 17:43 - 2015-09-28 18:49 - 00000000 ____D C:\Users\Rohan\Documents\MATLAB
2015-09-27 17:43 - 2015-09-27 17:43 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\MathWorks
2015-09-27 16:47 - 2015-09-27 16:48 - 03393608 _____ (Lucky Driver LLC) C:\Users\Rohan\Downloads\Matlab_R2014a_X64_serial_key_gen_downloader.exe
2015-09-27 15:14 - 2015-02-27 23:14 - 00000048 _____ C:\Users\Rohan\Downloads\FILE_ID.DIZ
2015-09-27 15:14 - 2015-02-27 14:16 - 00010535 _____ C:\Users\Rohan\Downloads\TSRh.nfo
2015-09-27 15:14 - 2015-02-27 13:43 - 00407956 _____ C:\Users\Rohan\Downloads\Mathworks.Matlab.R2014a.Cygiso.keygen.exe
2015-09-27 15:13 - 2015-09-27 15:13 - 00320764 _____ C:\Users\Rohan\Downloads\Mathworks.Matlab.R2014a.Cygiso.keygen.exe.zip
2015-09-27 15:10 - 2015-09-27 15:10 - 00000000 ____D C:\Program Files\MATLAB
2015-09-26 15:58 - 2015-09-27 02:10 - 00015382 ____H C:\Users\Rohan\Desktop\~WRL0003.tmp
2015-09-25 17:24 - 2015-09-25 17:24 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\PowerISO
2015-09-24 21:06 - 2015-09-24 21:12 - 09053487 _____ C:\Users\Rohan\Downloads\YU-Yureka-RootFiles.zip
2015-09-24 20:27 - 2015-09-24 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2015-09-24 18:14 - 2015-09-24 18:14 - 00039882 _____ C:\Users\Rohan\Downloads\[limetorrents.cc]Matlab.R2014a..8.03..Windows.x32.64.[2014..ENG].torrent
2015-09-20 12:48 - 2015-09-21 20:38 - 00000000 ____D C:\Users\Rohan\Desktop\New folder
2015-09-19 16:40 - 2015-09-19 16:43 - 11113044 _____ (Igor Pavlov) C:\Users\Rohan\Downloads\cstrike.exe
2015-09-19 16:31 - 2015-09-19 16:44 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2015-09-19 12:42 - 2015-09-19 12:42 - 00524683 _____ C:\Users\Rohan\Desktop\A3_1215041_Manufacturing Systems.pptx
2015-09-19 12:31 - 2015-09-19 12:31 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2015-09-19 12:23 - 2015-09-19 12:28 - 34345088 _____ ({code:GDConstant
2015-09-19 11:39 - 2015-09-19 11:39 - 00001658 _____ C:\Users\Rohan\Desktop\Recuva.lnk
2015-09-19 11:39 - 2015-09-19 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-09-19 11:39 - 2015-09-19 11:39 - 00000000 ____D C:\Program Files\Recuva
2015-09-19 11:38 - 2015-09-19 11:39 - 04426120 _____ (Piriform Ltd) C:\Users\Rohan\Downloads\rcsetup152.exe
2015-09-18 12:42 - 2015-09-18 12:43 - 00102541 ____N C:\Windows\SysWOW64\abtsvchost.xml
2015-09-18 12:42 - 2014-06-11 23:08 - 00084376 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\AbtSvcHost_.exe
2015-09-12 00:56 - 2015-09-12 00:58 - 09036267 _____ C:\Users\Rohan\Downloads\Drama.mp4
2015-09-10 23:59 - 2015-09-28 19:57 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 23:57 - 2015-09-09 23:57 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-08-31 08:40 - 2015-08-31 08:46 - 00000000 ___RD C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-29 18:54 - 2015-01-09 03:43 - 01583228 _____ C:\Windows\WindowsUpdate.log
2015-09-29 18:53 - 2015-01-10 08:21 - 00002112 _____ C:\ProgramData\netsh.out
2015-09-29 18:47 - 2015-01-09 05:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 18:13 - 2009-07-14 10:15 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 18:13 - 2009-07-14 10:15 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 18:08 - 2015-01-10 09:52 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-29 18:08 - 2015-01-10 08:21 - 00000231 _____ C:\ProgramData\SmartCallConfig.xml
2015-09-29 15:47 - 2015-01-09 05:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-29 15:35 - 2009-07-14 10:43 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-29 11:55 - 2015-01-09 06:57 - 00003486 _____ C:\Windows\System32\Tasks\AutoKMS
2015-09-29 11:54 - 2015-01-21 21:16 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-29 11:54 - 2015-01-09 07:32 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2015-09-29 11:54 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 05:42 - 2015-07-17 19:25 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\uTorrent
2015-09-28 23:44 - 2015-02-05 17:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-28 23:44 - 2015-02-05 17:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-28 19:29 - 2015-01-09 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-09-28 19:29 - 2015-01-09 07:04 - 00000000 ____D C:\Program Files (x86)\Acro Software
2015-09-28 19:21 - 2015-08-15 23:39 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\IDM
2015-09-28 19:21 - 2015-05-13 12:19 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\DAEMON Tools Lite
2015-09-28 19:21 - 2015-01-15 21:58 - 00000000 ____D C:\Users\Rohan\AppData\Local\CrashDumps
2015-09-28 18:47 - 2015-01-09 05:53 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-28 18:40 - 2015-08-11 12:35 - 00000000 ____D C:\Users\Rohan\Desktop\CAPTCHA Cracking
2015-09-28 18:39 - 2015-01-10 08:19 - 00000192 _____ C:\ProgramData\2012.par
2015-09-27 21:17 - 2009-07-14 10:38 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-27 16:27 - 2015-07-30 13:06 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-09-27 16:24 - 2015-01-09 06:18 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-27 00:20 - 2015-01-09 05:43 - 00000000 ____D C:\ProgramData\McAfee
2015-09-26 09:55 - 2015-03-25 00:35 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Skype
2015-09-26 01:36 - 2015-07-22 00:38 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-09-24 20:27 - 2015-08-07 22:11 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2015-09-24 18:15 - 2015-08-17 22:40 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\ApexDC++
2015-09-21 21:02 - 2015-04-15 16:34 - 00000000 ____D C:\Users\Rohan\Desktop\AIESEC
2015-09-21 20:31 - 2015-01-09 06:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-20 13:12 - 2015-01-09 09:27 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Adobe
2015-09-19 16:44 - 2015-01-09 03:43 - 00000000 ____D C:\Users\Rohan\AppData\Local\VirtualStore
2015-09-19 12:38 - 2015-01-09 03:43 - 00000000 ____D C:\Users\Rohan
2015-09-16 01:48 - 2015-01-24 16:33 - 00000000 ____D C:\Users\Rohan\AppData\Local\TempSWBackupDirectory
2015-09-16 01:10 - 2015-01-24 15:32 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\SolidWorks
2015-09-15 15:42 - 2015-01-09 05:46 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 15:42 - 2015-01-09 05:46 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-12 16:57 - 2015-01-09 05:46 - 00000000 ____D C:\Users\Rohan\AppData\Local\Google
2015-09-01 16:14 - 2015-01-09 04:27 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Atheros
2015-08-31 08:47 - 2015-01-09 04:19 - 00000000 ____D C:\Users\Rohan\Documents\Bluetooth Folder
==================== Files in the root of some directories =======
2015-01-12 21:15 - 2015-07-06 18:01 - 0007680 _____ () C:\Users\Rohan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-09 07:30 - 2015-05-28 15:51 - 7990216 _____ (Absolute Software Corp.) C:\Users\Rohan\AppData\Local\Setup.exe
2015-01-10 08:19 - 2015-09-28 18:39 - 0000192 _____ () C:\ProgramData\2012.par
2015-01-09 07:37 - 2015-05-06 20:37 - 0001856 __RSH () C:\ProgramData\3014.abs
2014-11-17 23:32 - 2014-11-17 23:32 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2015-09-29 11:54 - 2015-09-29 11:54 - 0000000 ____H () C:\ProgramData\cm-lock
2015-01-09 04:28 - 2015-01-09 04:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-10 08:21 - 2015-09-29 18:53 - 0002112 _____ () C:\ProgramData\netsh.out
2015-01-10 08:21 - 2015-09-29 18:08 - 0000231 _____ () C:\ProgramData\SmartCallConfig.xml
2015-09-29 11:56 - 2015-09-29 18:13 - 0000167 _____ () C:\ProgramData\SMartCallMonitorEvent.xml
Some files in TEMP:
====================
C:\Users\Rohan\AppData\Local\Temp\mdi264.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-24 23:07
==================== End of FRST.txt ============================
Ran by Rohan (administrator) on 15-3542 (29-09-2015 18:56:03)
Running from C:\Users\Rohan\Desktop
Loaded Profiles: Rohan (Available Profiles: Rohan)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\AbtSvcHost_.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
() C:\Users\Rohan\AppData\Local\Temp\msupdate71\dwm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2806000 2014-01-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-14] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487561 2010-08-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [GoogleChromeAutoLaunch_AAE9DCB2F2146D6A0245F7C8BCEFCD32] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\Rohan\AppData\Local\Temp\mdi264.dll,dalmat <===== ATTENTION
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msnoimtum.exe <===== ATTENTION
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
Startup: C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2015-09-24]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A183545B-D8EC-4C51-85CA-0EC23DE65810}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> OldSearch URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MB2A96FCF-3E5A-49A5-A0B0-B6A42A144B64&SearchSource=58&CUI=&UM=8&UP=SP31AC7359-8CAA-4445-A515-7CFB40DDFD1A&q={searchTerms}&SSPV=SP22011TB_sp_ie
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://in.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_15_03_other&cd=2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCyD0CtBzyyEyCtC0C0FzytN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtB0FtBzy0EyD0CtGzzyCzyzytG0E0AyEzytGzytDtCyEtGyDyDyE0ByD0DyD0AzytB0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtDtAzztCzztByBtG0CtB0D0CtGyE0B0DzytGzytB0EyEtGtA0ByEzytByCtCyByCyBzz0E2Q&cr=862411700&ir=
SearchScopes: HKU\S-1-5-21-1899591628-1257761022-1329165971-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-22] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.in/
CHR StartupUrls: Default -> "hxxps://www.google.co.in/"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&from=kint1&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www.oursurfing.com
CHR DefaultSuggestURL: Default -> hxxp://www.dealhub.club/oursurfing/suggest.php?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-17]
CHR Extension: (Replace New Tab Page) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja [2015-09-11]
CHR Extension: (SiteAdvisor) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-01-09]
CHR Extension: (AdBlock) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (OurSurfing) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljhaejgjpehlnjnejmigjonkchjadnnp [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1899591628-1257761022-1329165971-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AbtSvcHost; C:\Windows\SysWOW64\AbtSvcHost_.exe [84376 2014-06-11] (Absolute Software Corp.)
S2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [5457920 2012-09-24] (ANSYS, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-22] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-05] (Nero AG) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-01-24] (SolidWorks) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-10-15] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-05-13] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U2 McMPFSvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
CompanyName} ) C:\Users\Rohan\Downloads\RecoverMyFiles-Setup.exe
2015-09-29 18:56 - 2015-09-29 18:56 - 00026088 _____ C:\Users\Rohan\Desktop\FRST.txt
2015-09-29 18:55 - 2015-09-29 18:56 - 00000000 ____D C:\FRST
2015-09-29 18:55 - 2015-09-29 18:55 - 02192384 _____ (Farbar) C:\Users\Rohan\Desktop\FRST64.exe
2015-09-29 11:56 - 2015-09-29 18:13 - 00000167 _____ C:\ProgramData\SMartCallMonitorEvent.xml
2015-09-29 11:55 - 2015-09-29 11:55 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
2015-09-29 11:54 - 2015-09-29 11:54 - 00000000 ____H C:\ProgramData\cm-lock
2015-09-29 02:06 - 2015-09-29 02:06 - 00094998 _____ C:\Users\Rohan\Downloads\[kat.cr]quantico.s01e01.720p.hdtv.x264.dimension.rartv.torrent
2015-09-28 23:44 - 2015-09-29 15:01 - 00002790 _____ C:\Windows\setupact.log
2015-09-28 23:44 - 2015-09-28 23:44 - 00008842 _____ C:\Windows\PFRO.log
2015-09-28 23:44 - 2015-09-28 23:44 - 00000000 _____ C:\Windows\setuperr.log
2015-09-28 18:42 - 2015-09-28 18:44 - 08614046 _____ C:\Users\Rohan\Downloads\CAPTCHA_Cracking-2015-09-28 (1).zip
2015-09-28 13:35 - 2015-09-28 13:37 - 08614040 _____ C:\Users\Rohan\Downloads\CAPTCHA_Cracking-2015-09-28.zip
2015-09-27 20:31 - 2015-09-27 20:31 - 00097814 _____ C:\Users\Rohan\Downloads\OCR.zip
2015-09-27 20:22 - 2015-09-27 20:22 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Subversion
2015-09-27 20:22 - 2015-09-27 20:22 - 00000000 ____D C:\Users\Rohan\AppData\Local\MathWorks
2015-09-27 19:23 - 2015-09-27 19:23 - 00000767 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
2015-09-27 19:23 - 2015-09-27 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2015-09-27 19:22 - 2015-09-29 13:05 - 00000490 _____ C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2015-09-27 19:22 - 2015-09-27 19:22 - 00003668 _____ C:\Windows\System32\Tasks\MATLAB R2014a Startup Accelerator
2015-09-27 19:22 - 2015-09-27 19:22 - 00000000 ____D C:\ProgramData\MathWorks
2015-09-27 18:03 - 2015-09-27 18:03 - 00600220 _____ C:\Users\Rohan\Downloads\MathworksMatlabR2014a-CYGiSO.rar
2015-09-27 17:43 - 2015-09-28 18:49 - 00000000 ____D C:\Users\Rohan\Documents\MATLAB
2015-09-27 17:43 - 2015-09-27 17:43 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\MathWorks
2015-09-27 16:47 - 2015-09-27 16:48 - 03393608 _____ (Lucky Driver LLC) C:\Users\Rohan\Downloads\Matlab_R2014a_X64_serial_key_gen_downloader.exe
2015-09-27 15:14 - 2015-02-27 23:14 - 00000048 _____ C:\Users\Rohan\Downloads\FILE_ID.DIZ
2015-09-27 15:14 - 2015-02-27 14:16 - 00010535 _____ C:\Users\Rohan\Downloads\TSRh.nfo
2015-09-27 15:14 - 2015-02-27 13:43 - 00407956 _____ C:\Users\Rohan\Downloads\Mathworks.Matlab.R2014a.Cygiso.keygen.exe
2015-09-27 15:13 - 2015-09-27 15:13 - 00320764 _____ C:\Users\Rohan\Downloads\Mathworks.Matlab.R2014a.Cygiso.keygen.exe.zip
2015-09-27 15:10 - 2015-09-27 15:10 - 00000000 ____D C:\Program Files\MATLAB
2015-09-26 15:58 - 2015-09-27 02:10 - 00015382 ____H C:\Users\Rohan\Desktop\~WRL0003.tmp
2015-09-25 17:24 - 2015-09-25 17:24 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\PowerISO
2015-09-24 21:06 - 2015-09-24 21:12 - 09053487 _____ C:\Users\Rohan\Downloads\YU-Yureka-RootFiles.zip
2015-09-24 20:27 - 2015-09-24 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2015-09-24 18:14 - 2015-09-24 18:14 - 00039882 _____ C:\Users\Rohan\Downloads\[limetorrents.cc]Matlab.R2014a..8.03..Windows.x32.64.[2014..ENG].torrent
2015-09-20 12:48 - 2015-09-21 20:38 - 00000000 ____D C:\Users\Rohan\Desktop\New folder
2015-09-19 16:40 - 2015-09-19 16:43 - 11113044 _____ (Igor Pavlov) C:\Users\Rohan\Downloads\cstrike.exe
2015-09-19 16:31 - 2015-09-19 16:44 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2015-09-19 12:42 - 2015-09-19 12:42 - 00524683 _____ C:\Users\Rohan\Desktop\A3_1215041_Manufacturing Systems.pptx
2015-09-19 12:31 - 2015-09-19 12:31 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2015-09-19 12:23 - 2015-09-19 12:28 - 34345088 _____ ({code:GDConstant
2015-09-19 11:39 - 2015-09-19 11:39 - 00001658 _____ C:\Users\Rohan\Desktop\Recuva.lnk
2015-09-19 11:39 - 2015-09-19 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-09-19 11:39 - 2015-09-19 11:39 - 00000000 ____D C:\Program Files\Recuva
2015-09-19 11:38 - 2015-09-19 11:39 - 04426120 _____ (Piriform Ltd) C:\Users\Rohan\Downloads\rcsetup152.exe
2015-09-18 12:42 - 2015-09-18 12:43 - 00102541 ____N C:\Windows\SysWOW64\abtsvchost.xml
2015-09-18 12:42 - 2014-06-11 23:08 - 00084376 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\AbtSvcHost_.exe
2015-09-12 00:56 - 2015-09-12 00:58 - 09036267 _____ C:\Users\Rohan\Downloads\Drama.mp4
2015-09-10 23:59 - 2015-09-28 19:57 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 23:57 - 2015-09-09 23:57 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-08-31 08:40 - 2015-08-31 08:46 - 00000000 ___RD C:\Users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-29 18:54 - 2015-01-09 03:43 - 01583228 _____ C:\Windows\WindowsUpdate.log
2015-09-29 18:53 - 2015-01-10 08:21 - 00002112 _____ C:\ProgramData\netsh.out
2015-09-29 18:47 - 2015-01-09 05:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 18:13 - 2009-07-14 10:15 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 18:13 - 2009-07-14 10:15 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 18:08 - 2015-01-10 09:52 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-29 18:08 - 2015-01-10 08:21 - 00000231 _____ C:\ProgramData\SmartCallConfig.xml
2015-09-29 15:47 - 2015-01-09 05:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-29 15:35 - 2009-07-14 10:43 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-29 11:55 - 2015-01-09 06:57 - 00003486 _____ C:\Windows\System32\Tasks\AutoKMS
2015-09-29 11:54 - 2015-01-21 21:16 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-29 11:54 - 2015-01-09 07:32 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2015-09-29 11:54 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 05:42 - 2015-07-17 19:25 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\uTorrent
2015-09-28 23:44 - 2015-02-05 17:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-28 23:44 - 2015-02-05 17:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-28 19:29 - 2015-01-09 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-09-28 19:29 - 2015-01-09 07:04 - 00000000 ____D C:\Program Files (x86)\Acro Software
2015-09-28 19:21 - 2015-08-15 23:39 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\IDM
2015-09-28 19:21 - 2015-05-13 12:19 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\DAEMON Tools Lite
2015-09-28 19:21 - 2015-01-15 21:58 - 00000000 ____D C:\Users\Rohan\AppData\Local\CrashDumps
2015-09-28 18:47 - 2015-01-09 05:53 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-28 18:40 - 2015-08-11 12:35 - 00000000 ____D C:\Users\Rohan\Desktop\CAPTCHA Cracking
2015-09-28 18:39 - 2015-01-10 08:19 - 00000192 _____ C:\ProgramData\2012.par
2015-09-27 21:17 - 2009-07-14 10:38 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-27 16:27 - 2015-07-30 13:06 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-09-27 16:24 - 2015-01-09 06:18 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-27 00:20 - 2015-01-09 05:43 - 00000000 ____D C:\ProgramData\McAfee
2015-09-26 09:55 - 2015-03-25 00:35 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Skype
2015-09-26 01:36 - 2015-07-22 00:38 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-09-24 20:27 - 2015-08-07 22:11 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2015-09-24 18:15 - 2015-08-17 22:40 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\ApexDC++
2015-09-21 21:02 - 2015-04-15 16:34 - 00000000 ____D C:\Users\Rohan\Desktop\AIESEC
2015-09-21 20:31 - 2015-01-09 06:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-20 13:12 - 2015-01-09 09:27 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Adobe
2015-09-19 16:44 - 2015-01-09 03:43 - 00000000 ____D C:\Users\Rohan\AppData\Local\VirtualStore
2015-09-19 12:38 - 2015-01-09 03:43 - 00000000 ____D C:\Users\Rohan
2015-09-16 01:48 - 2015-01-24 16:33 - 00000000 ____D C:\Users\Rohan\AppData\Local\TempSWBackupDirectory
2015-09-16 01:10 - 2015-01-24 15:32 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\SolidWorks
2015-09-15 15:42 - 2015-01-09 05:46 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 15:42 - 2015-01-09 05:46 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-12 16:57 - 2015-01-09 05:46 - 00000000 ____D C:\Users\Rohan\AppData\Local\Google
2015-09-01 16:14 - 2015-01-09 04:27 - 00000000 ____D C:\Users\Rohan\AppData\Roaming\Atheros
2015-08-31 08:47 - 2015-01-09 04:19 - 00000000 ____D C:\Users\Rohan\Documents\Bluetooth Folder
==================== Files in the root of some directories =======
2015-01-12 21:15 - 2015-07-06 18:01 - 0007680 _____ () C:\Users\Rohan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-09 07:30 - 2015-05-28 15:51 - 7990216 _____ (Absolute Software Corp.) C:\Users\Rohan\AppData\Local\Setup.exe
2015-01-10 08:19 - 2015-09-28 18:39 - 0000192 _____ () C:\ProgramData\2012.par
2015-01-09 07:37 - 2015-05-06 20:37 - 0001856 __RSH () C:\ProgramData\3014.abs
2014-11-17 23:32 - 2014-11-17 23:32 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2015-09-29 11:54 - 2015-09-29 11:54 - 0000000 ____H () C:\ProgramData\cm-lock
2015-01-09 04:28 - 2015-01-09 04:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-10 08:21 - 2015-09-29 18:53 - 0002112 _____ () C:\ProgramData\netsh.out
2015-01-10 08:21 - 2015-09-29 18:08 - 0000231 _____ () C:\ProgramData\SmartCallConfig.xml
2015-09-29 11:56 - 2015-09-29 18:13 - 0000167 _____ () C:\ProgramData\SMartCallMonitorEvent.xml
Some files in TEMP:
====================
C:\Users\Rohan\AppData\Local\Temp\mdi264.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-24 23:07
==================== End of FRST.txt ============================