Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by SYSTEM on MININT-AM77Q0R on 12-06-2014 16:09:22
Running from H:\
Platform: Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-17] (Realtek Semiconductor)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [194984 2013-07-20] (Quick Heal Technologies (P) Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-11] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-18] (APN)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
HKU\admim\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [149040 2007-03-19] (Nero AG)
HKU\admim\...\Run: [KingTranslate] => "C:\Program Files (x86)\KingTranslate\KingTranslate.exe" /NotShowMainWindow
HKU\admim\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe [2054776 2013-07-22] ()
HKU\admim\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
HKU\admim\...\Run: [uTorrent] => C:\Users\admim\AppData\Roaming\uTorrent\uTorrent.exe [1272912 2014-06-03] (BitTorrent Inc.)
AppInit_DLLs: Scdetour.dll => C:\Windows\system32\Scdetour.dll [391648 2013-09-12] (Quick Heal Technologies (P) Ltd.)
AppInit_DLLs-x32: scdetour.dll => C:\Windows\SysWOW64\scdetour.dll [326048 2013-09-12] (Quick Heal Technologies (P) Ltd.)
Lsa: [Notification Packages] scecli ScSecAuth
Startup: C:\Users\admim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
BootExecute: autocheck autochk * bootdelete

==================== Services (Whitelisted) =================

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-18] (APN LLC.)
S2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [27560 2013-08-12] (Quick Heal Technologies (P) Ltd.)
S2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [44136 2014-06-04] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [262568 2013-08-12] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [262568 2013-08-12] (Quick Heal Technologies (P) Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-12] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-11] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-11] (Intel Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267824 2007-03-19] (Nero AG)
S2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [34728 2013-08-12] (Quick Heal Technologies (P) Ltd.)
S2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [128104 2014-06-04] (Quick Heal Technologies (P) Ltd.)
S2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [319152 2014-03-12] (Quick Heal Technologies (P) Ltd.)
S2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [497576 2013-09-12] (Quick Heal Technologies (P) Ltd.)

==================== Drivers (Whitelisted) ====================

S1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [257112 2013-09-13] (Quick Heal Technologies (P) Ltd.)
S1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [25688 2013-09-13] (Quick Heal Technologies (P) Ltd.)
S2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [56920 2013-07-20] (Quick Heal Technologies (P) Ltd.)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [490256 2013-01-22] (Intel Corporation)
S2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [19032 2013-07-20] (Quick Heal Technologies (P) Ltd.)
S1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [73816 2013-09-06] (Quick Heal Technologies (P) Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-11-09] ()
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [68328 2014-03-27] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [40536 2013-08-23] (Quick Heal Technologies (P) Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 webssx; C:\Windows\System32\DRIVERS\webssx.sys [60648 2013-12-30] (Quick Heal Technologies (P) Ltd.)
S1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [72936 2013-12-27] (Quick Heal Technologies (P) Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-12 16:09 - 2014-06-12 16:09 - 00000000 ____D () C:\FRST
2014-06-11 13:40 - 2014-06-11 13:40 - 00000000 __SHD () C:\found.000
2014-06-11 03:23 - 2014-06-11 03:23 - 00003544 ____N () C:\bootsqm.dat
2014-06-11 01:19 - 2014-06-11 01:19 - 00000000 __SHD () C:\found.001
2014-06-10 19:38 - 2014-06-10 19:38 - 00000000 ___HD () C:\Users\admim\ScStore
2014-06-10 02:04 - 2014-06-10 02:09 - 03239391 _____ () C:\Users\admim\Downloads\MP-PHE.rar
2014-06-10 02:03 - 2014-06-10 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 00:58 - 2014-06-10 20:50 - 00001159 _____ () C:\Users\admim\Documents\plot.log
2014-06-06 00:11 - 2014-06-06 00:11 - 00000188 ____H () C:\Users\admim\Documents\Drawing1.dwl2
2014-06-06 00:11 - 2014-06-06 00:11 - 00000038 ____H () C:\Users\admim\Documents\Drawing1.dwl
2014-06-04 22:12 - 2014-06-07 03:04 - 1713874944 _____ () C:\Users\admim\Downloads\keiso_isac3d32014tv.iso
2014-06-04 22:06 - 2014-06-07 02:24 - 00000000 ____D () C:\Users\admim\Downloads\InfiniteSkills.Learning.AutoDesk.Revit.MEP.2013.Training.Video
2014-06-03 20:58 - 2014-06-08 19:40 - 00000000 ____D () C:\Users\admim\Desktop\Aj_Ref files
2014-06-03 01:58 - 2014-06-03 02:03 - 00000000 ____D () C:\Users\admim\Downloads\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.3 + Key - {Cyclonoid}
2014-06-03 01:57 - 2014-06-03 01:57 - 00000848 _____ () C:\Users\admim\Desktop\µTorrent.lnk
2014-06-03 01:56 - 2014-06-10 23:29 - 00000000 ____D () C:\Users\admim\AppData\Roaming\uTorrent
2014-06-03 01:55 - 2014-06-03 01:56 - 01272912 _____ (BitTorrent Inc.) C:\Users\admim\Downloads\uTorrent.exe
2014-06-03 00:43 - 2014-06-03 00:43 - 00000000 ____D () C:\Users\admim\AppData\Local\CutePDF Writer
2014-06-03 00:42 - 2014-06-03 00:42 - 00003120 _____ () C:\Windows\System32\Tasks\{E8899465-8959-46B9-8BDA-A23B2DD0A993}
2014-06-03 00:42 - 2014-06-03 00:42 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-06-03 00:36 - 2014-06-03 00:41 - 05254656 _____ () C:\Users\admim\Downloads\converter.exe
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\ProgramData\APN
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-06-03 00:34 - 2014-03-05 15:31 - 00489392 _____ (Ask Partner Network) C:\Users\admim\Documents\APNSetup1.exe
2014-06-03 00:34 - 2013-10-23 00:54 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-06-03 00:32 - 2014-06-03 00:33 - 02003352 _____ (Acro Software Inc.) C:\Users\admim\Downloads\CuteWriter.exe
2014-05-21 00:22 - 2014-06-10 23:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 00:22 - 2014-05-21 00:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:40 - 2014-05-05 20:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-14 19:40 - 2014-05-05 20:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-14 19:40 - 2014-05-05 19:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 19:40 - 2014-05-05 19:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 19:40 - 2014-05-05 19:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-14 19:40 - 2014-05-05 18:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-13 21:10 - 2014-04-11 18:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-05-13 21:10 - 2014-04-11 18:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2014-05-13 21:10 - 2014-04-11 18:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-05-13 21:10 - 2014-04-11 18:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2014-05-13 21:10 - 2014-04-11 18:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2014-05-13 21:10 - 2014-04-11 18:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2014-05-13 21:10 - 2014-04-11 18:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2014-05-13 21:10 - 2014-04-11 18:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-13 21:10 - 2014-04-11 18:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-13 21:10 - 2014-03-24 18:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-13 21:10 - 2014-03-24 18:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 21:10 - 2014-03-04 01:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-05-13 21:10 - 2014-03-04 01:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\System32\objsel.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\wincredprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-05-13 21:10 - 2014-03-04 01:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\cngprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\adprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\capiprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\dpapiprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\dimsroam.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-05-13 21:10 - 2014-03-04 01:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-13 21:10 - 2014-03-04 01:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-13 21:10 - 2014-03-04 01:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 21:10 - 2014-03-04 01:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-12 16:09 - 2014-06-12 16:09 - 00000000 ____D () C:\FRST
2014-06-12 02:16 - 2013-09-22 01:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-11 13:40 - 2014-06-11 13:40 - 00000000 __SHD () C:\found.000
2014-06-11 03:23 - 2014-06-11 03:23 - 00003544 ____N () C:\bootsqm.dat
2014-06-11 01:19 - 2014-06-11 01:19 - 00000000 __SHD () C:\found.001
2014-06-10 23:30 - 2014-01-21 04:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-10 23:30 - 2014-01-21 04:17 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-10 23:30 - 2013-09-21 07:14 - 01977697 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 23:29 - 2014-06-03 01:56 - 00000000 ____D () C:\Users\admim\AppData\Roaming\uTorrent
2014-06-10 23:29 - 2014-03-05 19:36 - 00000000 ____D () C:\Users\admim\AppData\Local\Temp
2014-06-10 23:28 - 2013-12-19 07:01 - 00000000 ____D () C:\Users\admim\Desktop\TIMESHEET
2014-06-10 23:27 - 2013-09-22 20:37 - 00000000 ____D () C:\Users\admim\AppData\Roaming\Dropbox
2014-06-10 23:17 - 2014-05-21 00:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 23:00 - 2013-09-22 19:33 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 22:38 - 2009-07-13 20:45 - 00009792 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 22:38 - 2009-07-13 20:45 - 00009792 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 22:37 - 2014-02-06 02:37 - 00000466 _____ () C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2014-06-10 22:37 - 2014-02-06 02:37 - 00000442 _____ () C:\Windows\Tasks\Resume Quickup Download.job
2014-06-10 22:20 - 2013-10-02 19:18 - 00000000 ____D () C:\Civil 3D Projects
2014-06-10 22:06 - 2013-09-21 07:43 - 00000000 ____D () C:\Users\admim\AppData\Local\Microsoft Help
2014-06-10 20:50 - 2014-06-09 00:58 - 00001159 _____ () C:\Users\admim\Documents\plot.log
2014-06-10 19:39 - 2014-01-21 08:07 - 00000000 ____D () C:\Users\admim\AppData\Roaming\DropboxMaster
2014-06-10 19:38 - 2014-06-10 19:38 - 00000000 ___HD () C:\Users\admim\ScStore
2014-06-10 19:38 - 2014-02-01 03:43 - 00000516 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-06-10 19:38 - 2013-11-08 21:10 - 00027586 _____ () C:\Windows\setupact.log
2014-06-10 19:38 - 2013-09-22 19:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 19:38 - 2013-09-21 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-10 19:38 - 2013-09-21 07:12 - 00000000 ____D () C:\users\admim
2014-06-10 19:38 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 02:09 - 2014-06-10 02:04 - 03239391 _____ () C:\Users\admim\Downloads\MP-PHE.rar
2014-06-10 02:03 - 2014-06-10 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 04:17 - 2014-01-21 02:29 - 00003004 _____ () C:\Users\admim\Documents\acad.err
2014-06-09 03:30 - 2009-07-13 21:13 - 00713888 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-09 00:11 - 2014-01-18 00:50 - 00000185 _____ () C:\Users\admim\AppData\default.pls
2014-06-09 00:11 - 2013-09-21 07:44 - 00000000 ____D () C:\Users\admim\AppData\Roaming\vlc
2014-06-08 19:40 - 2014-06-03 20:58 - 00000000 ____D () C:\Users\admim\Desktop\Aj_Ref files
2014-06-08 19:29 - 2014-02-06 02:36 - 00000000 ____D () C:\Windows\System32\gprodat
2014-06-08 19:29 - 2013-11-08 22:05 - 00089376 _____ () C:\Windows\PFRO.log
2014-06-07 04:30 - 2014-02-01 03:43 - 00000492 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-06-07 03:04 - 2014-06-04 22:12 - 1713874944 _____ () C:\Users\admim\Downloads\keiso_isac3d32014tv.iso
2014-06-07 02:24 - 2014-06-04 22:06 - 00000000 ____D () C:\Users\admim\Downloads\InfiniteSkills.Learning.AutoDesk.Revit.MEP.2013.Training.Video
2014-06-06 21:11 - 2013-12-21 00:48 - 00000530 _____ () C:\Windows\System32\nvscnrpt.log
2014-06-06 00:11 - 2014-06-06 00:11 - 00000188 ____H () C:\Users\admim\Documents\Drawing1.dwl2
2014-06-06 00:11 - 2014-06-06 00:11 - 00000038 ____H () C:\Users\admim\Documents\Drawing1.dwl
2014-06-05 08:00 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-03 02:03 - 2014-06-03 01:58 - 00000000 ____D () C:\Users\admim\Downloads\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.3 + Key - {Cyclonoid}
2014-06-03 01:57 - 2014-06-03 01:57 - 00000848 _____ () C:\Users\admim\Desktop\µTorrent.lnk
2014-06-03 01:56 - 2014-06-03 01:55 - 01272912 _____ (BitTorrent Inc.) C:\Users\admim\Downloads\uTorrent.exe
2014-06-03 00:43 - 2014-06-03 00:43 - 00000000 ____D () C:\Users\admim\AppData\Local\CutePDF Writer
2014-06-03 00:42 - 2014-06-03 00:42 - 00003120 _____ () C:\Windows\System32\Tasks\{E8899465-8959-46B9-8BDA-A23B2DD0A993}
2014-06-03 00:42 - 2014-06-03 00:42 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-06-03 00:41 - 2014-06-03 00:36 - 05254656 _____ () C:\Users\admim\Downloads\converter.exe
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\ProgramData\APN
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-06-03 00:33 - 2014-06-03 00:32 - 02003352 _____ (Acro Software Inc.) C:\Users\admim\Downloads\CuteWriter.exe
2014-05-21 22:39 - 2013-09-21 07:45 - 00000000 ____D () C:\Users\admim\AppData\Local\Google
2014-05-21 00:23 - 2014-05-21 00:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-21 00:22 - 2013-09-23 07:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-21 00:22 - 2013-09-23 07:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 19:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\admim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0cvpqu.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 7977.29 MB
Available physical RAM: 7163.64 MB
Total Pagefile: 7975.44 MB
Available Pagefile: 7154.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:145.95 GB) NTFS
Drive d: (Aum) (Fixed) (Total:638.54 GB) (Free:584.35 GB) NTFS
Drive f: (Personal) (Fixed) (Total:97.66 GB) (Free:97.56 GB) NTFS
Drive h: (AUM TECH) (Removable) (Total:7.28 GB) (Free:7.15 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C2D4C849)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=639 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: 28A1EEF3)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

LastRegBack: 2014-05-11 21:49

==================== End Of Log ============================