Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015
Ran by Tomal (administrator) on TOMAL-THINK on 12-01-2015 11:32:21
Running from D:\Downloads
Loaded Profiles: UpdatusUser & Tomal (Available profiles: UpdatusUser & Tomal)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.)
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Ulead Systems, Inc.) 
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Spotify Ltd) C:\Users\Tomal\AppData\Roaming\Spotify\spotify.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Spotify Ltd) C:\Users\Tomal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Elaborate Bytes AG) D:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Tomal\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tomal\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tomal\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tomal\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Tomal\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.) 
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-01-28] (Lenovo Group Limited) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2014-02-09] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.) HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2014-02-09] (Lenovo) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => D:\Program Files (x86)\QTTask.exe [421888 2011-10-24] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\0354db3c-7f43-447f-8434-3c9e052836e3.exe [183232 2015-01-12] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-21-3344539325-2673986942-111047828-1001\...\Run: [SugarSync] => C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11241824 2012-09-19] (SugarSync, Inc.) HKU\S-1-5-21-3344539325-2673986942-111047828-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-3344539325-2673986942-111047828-1001\...\Run: [Spotify] => C:\Users\Tomal\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-28] (Spotify Ltd) HKU\S-1-5-21-3344539325-2673986942-111047828-1001\...\Run: [Avro Keyboard] => C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe [4703600 2015-01-04] (OmicronLab) HKU\S-1-5-21-3344539325-2673986942-111047828-1001\...\Run: [GoogleChromeAutoLaunch_FF40271E27F138411B5A885698023BEB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.) 
HKU\S-1-5-21-3344539325-2673986942-111047828-1001\...\Run: [Spotify Web Helper] => C:\Users\Tomal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-28] (Spotify Ltd) HKU\S-1-5-21-3344539325-2673986942-111047828-1001\...\MountPoints2: {fee601c9-9173-11e3-89fd-806e6f6e6963} - "E:\Install Navigator.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-01-10] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-10] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Tomal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) 
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3344539325-2673986942-111047828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13-comm.msn.com/?pc=LNJB HKU\S-1-5-21-3344539325-2673986942-111047828-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com/?pc=LNJB HKU\S-1-5-21-3344539325-2673986942-111047828-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com HKU\S-1-5-21-3344539325-2673986942-111047828-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3344539325-2673986942-111047828-1001 -> DefaultScope {3124A1D6-EF2D-46BC-8129-738F89DC49C8} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3344539325-2673986942-111047828-1001 -> {3124A1D6-EF2D-46BC-8129-738F89DC49C8} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3344539325-2673986942-111047828-1001 -> {6146710B-7174-4713-9692-3FB5C0B305D0} URL = BHO: Lync Browser Helper -> 
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{06DC00D5-30D6-4F19-B219-F4B89890A382}: [NameServer] 148.85.1.1 148.85.1.3 FireFox: ======== FF ProfilePath: C:\Users\Tomal\AppData\Roaming\Mozilla\Firefox\Profiles\iV371HyW.default FF Plugin: @java.com/DTPlugin,version=11.25.2 -> D:\Program Files\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> D:\Program Files\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Tomal\AppData\Roaming\Mozilla\Firefox\Profiles\iV371HyW.default\Extensions\abs@avira.com [2014-08-27] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-09] Chrome: ======= CHR Profile: C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-26] CHR Extension: (Google Docs) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-26] CHR Extension: (Google Drive) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-26] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-26] CHR Extension: (YouTube) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-26] CHR Extension: (Adblock Plus) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-27] CHR Extension: (Google Search) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-26] CHR Extension: (Google Sheets) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-26] CHR Extension: (Avira Browser Safety) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-27] CHR Extension: (Google Wallet) - C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-26] CHR Extension: (Gmail) - 
C:\Users\Tomal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-26] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2014-02-09] (Lenovo.) 
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-04-12] (Lenovo) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [188200 2013-01-28] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] () R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-09-08] (PACE Anti-Piracy, Inc.) [File not signed] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-02-09] () S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed] S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526048 2014-05-25] (Lenovo Group Limited) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) 
[File not signed] R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-09] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-09] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-09] () R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.) S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [55536 2013-04-12] (Windows (R) Win 7 DDK provider) R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-01-10] (NVIDIA Corporation) R2 smihlp2; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) 
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility) ========================== Drivers MD5 =======================
MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Netwsw00.sys FAD6C5610D020534401966CD72A1C306 C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nvkflt.sys FB49C2A67096411EF5D20871946F0BE7 C:\Windows\System32\DRIVERS\nvlddmkm.sys 993D73A8090C957230DE4E14AA9C5DFF C:\Windows\System32\DRIVERS\nvpciflt.sys 29C4634D4B9A36CAA14BA5C91E5F4E8B C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 
is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS B4C1BF666DBD6899EC4A9A499DAA040B C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\psadd.sys 05A4779E4994B21473EDBE85AABE8030 C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932 C:\Windows\System32\DRIVERS\risdxc64.sys 5A227511ED22DDFEDF7EF7323C8F7D2F C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit 
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Apsx64.sys 3FA2CBF653544AB4EC2249B6719A3C8E C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 3BC2844AF786CA422CC31D505ACFA9F2 C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\System32\DRIVERS\ssadbus.sys 8F8324ED1DE63FFC7B1A02CD2D963C72 C:\Windows\System32\DRIVERS\ssadmdfl.sys 58221EFCB74167B73667F0024C661CE0 C:\Windows\System32\DRIVERS\ssadmdm.sys 4DA7C71BFAC5AD71255B7E4CAB980163 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys 883D2880144FD3ED9F1C04B5B5B9B562 C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65 C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ApsHM64.sys C6A7B3A4AA4D77520BBC3A7DB0019365 C:\Windows\System32\Drivers\Tpkd.sys 8DD33A57339ADAE34CDB12994ACBC50F C:\Windows\System32\drivers\tpm.sys DBCC20C02E8A3E43B03C304A4E40A84F 
C:\Windows\System32\drivers\Tppwr64v.sys 1DF6E6C026AD1D428687FE3B427A87BC C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1 C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Tvti2c.sys D4915DB03B19F9FD50EC084CC0ED15FC C:\Windows\System32\DRIVERS\tvtvcamd.sys 760B34088C2AD8D634CC3784EF3A2CA2 C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbaapl64.sys 5C3BE22E485B9BF11FCEFDC676C728D0 C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2 C:\Windows\System32\DRIVERS\usbccgp.sys 91D3C92A44FC682DD791147604E79152 C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\system32\drivers\usbehci.sys F7FFDF2A1D19A76A87759126B244C816 C:\Windows\System32\DRIVERS\usbhub.sys 245FE7FC634D6A993E682E0A9EBA4ABB C:\Windows\system32\drivers\usbohci.sys C1A8966E0D09BFB501045105B30D86F2 C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys 2E682DCE4319A90E02A327F8A427544A C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\DRIVERS\VClone.sys 3C8E2C591345F38149C69FE8E5DF8C90 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> 
MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUSB.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8 C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-12 11:30 - 2015-01-12 11:32 - 00000000 ____D () C:\FRST 2015-01-12 00:57 - 2015-01-12 00:57 - 00000085 _____ () C:\Windows\wininit.ini 2015-01-11 23:31 - 2015-01-11 23:31 - 01057320 _____ () C:\Windows\Minidump\011115-15678-01.dmp 2015-01-11 23:07 - 2015-01-11 23:07 - 00000000 ____D () C:\Program Files\SAMSUNG 2015-01-11 23:07 - 2011-06-02 00:47 - 00177640 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdm.sys 2015-01-11 23:07 - 2011-06-02 00:47 - 00157672 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadbus.sys 2015-01-11 23:07 - 2011-06-02 00:47 - 00016872 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdfl.sys 2015-01-11 23:07 - 2011-06-02 00:47 - 00013800 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwhnt.sys 2015-01-11 23:07 - 2011-06-02 00:47 - 00013288 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcmnt.sys 2015-01-11 22:53 - 2011-06-02 00:47 - 00013800 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwh.sys 2015-01-11 22:53 - 2011-06-02 00:47 - 00013288 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcm.sys 2015-01-11 15:21 - 2015-01-11 15:21 - 00086872 _____ () C:\Users\Tomal\Downloads\Exe64bitDetector.zip 2015-01-11 11:46 - 2015-01-11 11:46 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Neuratron 2015-01-11 11:44 - 2015-01-11 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuratron 2015-01-11 11:44 - 2015-01-11 11:44 - 00000000 ____D () C:\Program Files (x86)\Neuratron PhotoScore Ultimate Demo 2015-01-11 11:26 - 2015-01-11 11:55 - 00000000 ____D () C:\Users\Tomal\Desktop\Eki Shonar Aloy XML 2015-01-11 11:24 - 2015-01-11 11:24 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\ACAMPREF 2015-01-11 11:24 - 2001-02-16 08:51 - 00000724 _____ () C:\Windows\wacam.ini 2015-01-10 17:15 - 2015-01-10 17:20 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\SongManager 2015-01-10 15:57 - 2015-01-10 16:00 - 00000000 ____D () C:\Users\Tomal\Documents\Addictive 
Drums 2015-01-10 15:57 - 2015-01-10 15:57 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLN Audio 2015-01-10 12:44 - 2015-01-10 12:44 - 01057360 _____ () C:\Windows\Minidump\011015-14086-01.dmp 2015-01-10 12:21 - 2015-01-10 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garritan ARIA Player 2015-01-10 12:21 - 2015-01-10 12:21 - 00000000 ____D () C:\Program Files\Garritan 2015-01-10 12:15 - 2015-01-10 12:15 - 00000000 ____D () C:\Users\Tomal\Documents\Native Instruments 2015-01-10 12:15 - 2015-01-10 12:15 - 00000000 ____D () C:\Users\Tomal\AppData\Local\Native Instruments 2015-01-10 12:14 - 2015-01-10 12:14 - 00000000 __HDC () C:\ProgramData\{DEB7EC0A-2CAA-4D3F-980F-EFEF8157E3FA} 2015-01-10 12:14 - 2015-01-10 12:14 - 00000000 ____D () C:\ProgramData\Native Instruments 2015-01-10 12:14 - 2015-01-10 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2015-01-10 12:03 - 2015-01-10 12:03 - 00000000 __HDC () C:\ProgramData\{27AE6DBC-0CA4-4761-8752-2B1ADDB90175} 2015-01-10 12:00 - 2015-01-10 12:00 - 00002958 _____ () C:\Windows\System32\Tasks\elbyExecuteWithUAC 2015-01-10 11:59 - 2015-01-10 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2015-01-10 11:34 - 2015-01-10 12:21 - 00000000 ____D () C:\Program Files\Vstplugins 2015-01-10 11:34 - 2015-01-10 11:34 - 00000000 ____D () C:\Program Files\Native Instruments 2015-01-10 11:34 - 2015-01-10 11:34 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments 2015-01-10 11:34 - 2015-01-10 11:34 - 00000000 ____D () C:\Program Files\Common Files\Avid 2015-01-09 15:34 - 2015-01-09 15:51 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\PreSonus 2015-01-09 15:34 - 2015-01-09 15:50 - 00000000 ____D () C:\ProgramData\PreSonus 2015-01-09 15:33 - 2015-01-09 15:33 - 00004842 _____ () C:\GEARDIFx_install.log 2015-01-09 15:33 - 2015-01-09 15:33 - 00001024 _____ 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio One 2 x64.lnk 2015-01-09 15:33 - 2015-01-09 15:33 - 00000000 ____D () C:\Program Files\PreSonus 2015-01-09 15:27 - 2015-01-12 11:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-09 15:27 - 2015-01-09 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-01-09 15:27 - 2015-01-09 15:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-09 15:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-09 15:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-09 15:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-09 15:17 - 2015-01-09 15:17 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Dropbox 2015-01-09 15:06 - 2015-01-09 15:06 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2015-01-09 15:06 - 2015-01-09 15:06 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-01-09 15:06 - 2015-01-09 15:06 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-01-09 15:06 - 2015-01-09 15:06 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-01-09 15:06 - 2015-01-09 15:06 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-01-09 15:06 - 2015-01-09 15:06 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-01-09 15:06 - 2015-01-09 15:06 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2015-01-09 15:06 - 2015-01-09 15:06 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-01-09 15:06 - 2015-01-09 15:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-01-09 15:06 - 2015-01-09 15:06 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-01-09 
15:06 - 2015-01-09 15:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-01-09 15:06 - 2015-01-09 15:06 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\AVAST Software 2015-01-09 15:06 - 2015-01-09 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-01-09 15:05 - 2015-01-12 00:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-09 15:05 - 2015-01-09 15:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2015-01-09 15:05 - 2015-01-09 15:05 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-09 15:05 - 2015-01-09 15:05 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-09 14:29 - 2015-01-09 14:30 - 00000000 ____D () C:\Program Files\REAPER (x64) 2015-01-09 14:15 - 2015-01-09 14:18 - 00000000 ____D () C:\Users\Tomal\Documents\REAPER Media 2015-01-09 14:06 - 2015-01-09 14:30 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\REAPER 2015-01-09 11:49 - 2015-01-11 23:31 - 00000000 ____D () C:\Windows\Minidump 2015-01-09 11:49 - 2015-01-11 23:30 - 752999471 _____ () C:\Windows\MEMORY.DMP 2015-01-09 11:49 - 2015-01-09 11:49 - 01038664 _____ () C:\Windows\Minidump\010915-16458-01.dmp 2015-01-09 00:12 - 2015-01-09 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite 2015-01-09 00:12 - 2013-09-25 14:41 - 00022832 _____ (Focusrite Audio Engineering Limited.) C:\Windows\system32\ffusb2audio_coinst.dll 2015-01-09 00:12 - 2013-09-25 14:40 - 00127280 _____ (Focusrite Audio Engineering Limited.) 
C:\Windows\system32\Drivers\ffusb2audio.sys 2015-01-06 22:09 - 2015-01-06 22:17 - 00000000 ____D () C:\vstplugins 2015-01-06 21:29 - 2015-01-06 21:29 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Plogue 2015-01-06 21:22 - 2015-01-06 21:22 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2015-01-06 21:20 - 2015-01-06 21:20 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Garritan 2015-01-06 21:13 - 2015-01-06 21:13 - 00000000 ____D () C:\Program Files\Plogue 2015-01-06 21:09 - 2015-01-06 21:09 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk 2015-01-06 21:09 - 2015-01-06 21:09 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2015-01-06 21:09 - 2015-01-06 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities 2015-01-06 21:03 - 2015-01-06 21:03 - 00000000 ____D () C:\Users\Tomal\Documents\Ulead Burn.Now 2015-01-06 21:03 - 2015-01-06 21:03 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Ulead Systems 2015-01-06 18:47 - 2015-01-06 18:47 - 00000000 ____D () C:\Users\Tomal\Documents\Celemony 2015-01-06 18:27 - 2015-01-12 01:13 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Celemony Software GmbH 2015-01-06 18:27 - 2015-01-06 18:27 - 00000000 ____D () C:\ProgramData\Temporary 2015-01-06 18:27 - 2015-01-06 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celemony 2015-01-06 18:27 - 2015-01-06 18:27 - 00000000 ____D () C:\ProgramData\Celemony Software GmbH 2015-01-06 18:27 - 2015-01-06 18:27 - 00000000 ____D () C:\Program Files\MelodyneVstPlugins 2015-01-06 18:27 - 2015-01-06 18:27 - 00000000 ____D () C:\Program Files\Common Files\VST3 2015-01-06 18:27 - 2015-01-06 18:27 - 00000000 ____D () C:\Program Files\Common Files\Celemony 2015-01-06 18:27 - 2015-01-06 18:27 - 00000000 ____D () C:\Program Files\Celemony 2015-01-06 16:35 - 2015-01-10 17:37 - 00000000 ____D () 
C:\Users\Tomal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2015-01-06 16:35 - 2015-01-10 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line 2015-01-06 16:35 - 2015-01-10 17:16 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Image-Line 2015-01-06 16:35 - 2015-01-06 16:35 - 00000000 ____D () C:\Users\Tomal\Documents\Image-Line 2015-01-06 16:35 - 2015-01-06 16:35 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\FlowStone 2015-01-06 16:35 - 2015-01-06 16:35 - 00000000 ____D () C:\Program Files\Image-Line 2015-01-06 16:35 - 2015-01-06 16:35 - 00000000 ____D () C:\Program Files (x86)\VstPlugins 2015-01-06 16:35 - 2015-01-06 16:35 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics 2015-01-06 16:33 - 2015-01-10 17:21 - 00000000 ____D () C:\Program Files (x86)\Image-Line 2015-01-06 16:06 - 2015-01-06 16:06 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Trillium Lane 2015-01-06 16:05 - 2015-01-06 16:05 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\PACE Anti-Piracy 2015-01-06 16:05 - 2015-01-06 16:05 - 00000000 ____D () C:\Users\Tomal\AppData\Local\PACE Anti-Piracy 2015-01-06 15:52 - 2015-01-06 15:52 - 00000000 ____D () C:\ProgramData\DigiDriver 2015-01-06 15:33 - 2015-01-06 15:33 - 00000000 ____D () C:\ProgramData\PACE 2015-01-06 15:14 - 2015-01-06 15:14 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2015-01-05 00:11 - 2015-01-05 00:11 - 00000000 ____D () C:\ProgramData\APN 2015-01-05 00:10 - 2015-01-11 23:40 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\BitTorrent 2015-01-04 14:34 - 2015-01-04 16:55 - 00000000 ____D () C:\ProgramData\Avro Keyboard 2015-01-04 14:34 - 2015-01-04 14:34 - 00001194 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avro Keyboard.lnk 2015-01-04 14:34 - 2015-01-04 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avro Keyboard 2015-01-04 14:34 - 2015-01-04 14:34 - 00000000 
____D () C:\Program Files (x86)\Avro Keyboard 2015-01-04 14:34 - 2014-02-22 00:05 - 01891184 _____ (OmicronLab) C:\Windows\SysWOW64\AvroSpell.dll 2015-01-03 17:19 - 2015-01-03 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-01-02 16:07 - 2015-01-02 16:10 - 00000000 ____D () C:\Windows\SysWOW64\cache 2015-01-02 16:05 - 2015-01-06 21:50 - 00000000 ____D () C:\Program Files (x86)\Piano Marvel Plugin 2014-12-31 00:35 - 2014-12-31 00:35 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-12-30 00:13 - 2014-12-30 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcribe! 2014-12-28 01:38 - 2015-01-12 11:12 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Spotify 2014-12-28 01:38 - 2015-01-12 11:07 - 00000000 ____D () C:\Users\Tomal\AppData\Local\Spotify 2014-12-28 01:38 - 2014-12-28 01:38 - 00001764 _____ () C:\Users\Tomal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2014-12-27 23:15 - 2014-12-27 23:15 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-21 12:13 - 2014-12-21 12:13 - 00000000 ____D () C:\Users\Tomal\.idlerc 2014-12-18 12:25 - 2014-12-18 12:25 - 00000000 ____D () C:\Users\Tomal\.qucs 2014-12-18 12:25 - 2014-12-18 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qucs 2014-12-18 10:04 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 10:04 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-12 11:17 - 2009-07-13 23:51 - 00118350 _____ () C:\Windows\setupact.log 2015-01-12 11:14 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-12 11:14 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-12 11:13 - 2009-07-14 00:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-12 11:11 - 2014-02-09 05:25 - 01089934 _____ () C:\Windows\WindowsUpdate.log 2015-01-12 11:07 - 2014-09-16 21:37 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Skype 2015-01-12 11:07 - 2014-08-26 12:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-12 11:07 - 2014-02-09 05:35 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-12 11:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-12 01:24 - 2014-11-30 16:38 - 00000000 ____D () C:\Program Files\Avid 2015-01-12 01:06 - 2014-08-26 12:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-12 00:57 - 2010-11-20 22:47 - 00704636 _____ () C:\Windows\PFRO.log 2015-01-11 23:31 - 2009-07-13 23:45 - 00590712 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-11 22:52 - 2014-08-27 02:42 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-11 17:23 - 2014-09-08 12:00 - 00000000 ____D () C:\Users\Tomal\AppData\Local\CrashDumps 2015-01-11 11:44 - 2014-08-26 12:42 - 00143784 _____ () C:\Users\Tomal\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-10 12:46 - 2014-08-26 12:40 - 00000000 ____D () C:\Users\Tomal\AppData\Local\SugarSync 2015-01-09 15:33 - 2014-11-30 16:40 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software 2015-01-09 15:07 - 2014-08-27 14:30 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 02:38 - 2014-11-30 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid 2015-01-09 00:51 - 2014-11-07 09:49 - 
00000000 ___HD () C:\Users\Tomal\AppData\Local\4xwTK1Y1b3FJb6 2015-01-09 00:12 - 2014-02-09 05:25 - 00082856 _____ () C:\Windows\DPINST.LOG 2015-01-09 00:12 - 2014-02-09 05:25 - 00000000 ____D () C:\Program Files\DIFX 2015-01-06 21:28 - 2014-08-26 12:46 - 00000000 ____D () C:\Users\Tomal\AppData\Local\Deployment 2015-01-06 21:21 - 2014-08-27 15:58 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software 2015-01-06 21:09 - 2014-08-27 15:58 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\NCH Software 2015-01-06 21:09 - 2014-08-27 15:58 - 00000000 ____D () C:\ProgramData\NCH Software 2015-01-06 21:09 - 2014-08-27 15:58 - 00000000 ____D () C:\Program Files (x86)\NCH Software 2015-01-06 16:43 - 2014-08-26 12:42 - 00000000 ____D () C:\Users\Tomal\AppData\Local\VirtualStore 2015-01-06 16:05 - 2014-10-18 15:57 - 00000000 ___HD () C:\Users\Tomal\AppData\Local\JJ97SFw2G7xBZ 2015-01-06 16:05 - 2014-08-26 12:38 - 00000000 ____D () C:\Users\Tomal 2015-01-06 16:05 - 2014-07-18 03:00 - 00000000 ___HD () C:\Users\Tomal\AppData\Local\9UVu1vyX 2015-01-06 16:05 - 2013-02-07 15:13 - 00000000 ___HD () C:\Users\Tomal\AppData\Local\pZJhNytvhA 2015-01-06 16:00 - 2014-11-30 16:38 - 00000000 ____D () C:\Users\Tomal\AppData\Roaming\Avid 2015-01-06 15:57 - 2014-11-30 16:38 - 00000000 ____D () C:\Program Files (x86)\Avid 2015-01-06 15:34 - 2014-02-09 05:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-06 15:29 - 2012-09-11 05:25 - 00023384 _____ (Avid Technology, Inc.) 
C:\Windows\system32\Drivers\diginet.sys 2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-27 23:15 - 2014-09-16 21:37 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-27 23:15 - 2014-09-16 21:37 - 00000000 ____D () C:\ProgramData\Skype 2014-12-27 19:55 - 2014-08-28 14:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-27 19:43 - 2014-09-03 08:46 - 00000636 _____ () C:\Users\Tomal\.drjava 2014-12-16 23:16 - 2014-10-17 10:38 - 00002026 ____H () C:\Users\Tomal\Documents\Default.rdp 2014-12-13 11:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache Some content of TEMP: ==================== C:\Users\Tomal\AppData\Local\Temp\avgnt.exe C:\Users\Tomal\AppData\Local\Temp\infozip2.exe C:\Users\Tomal\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Tomal\AppData\Local\Temp\UmmyVideoDownloader.exe C:\Users\Tomal\AppData\Local\Temp\Uninstal.exe C:\Users\Tomal\AppData\Local\Temp\utt6D83.tmp.exe C:\Users\Tomal\AppData\Local\Temp\xerces-c_2_5_0.dll C:\Users\Tomal\AppData\Local\Temp\xmlDeployer.exe C:\Users\Tomal\AppData\Local\Temp\zipsetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume2 description Windows Boot Manager locale en-us inherit {globalsettings} extendedinput Yes default {current} resumeobject {c8af3dcf-2dcd-11e4-8d0c-8056f2ffd410} displayorder {current} toolsdisplayorder {memdiag} timeout 30 customactions 0x10000ba000001 0x54000001 custom:54000001 {572bcd55-ffa7-11d9-aae0-0007e994107d} Windows Boot Loader ------------------- identifier {572bcd55-ffa7-11d9-aae0-0007e994107d} device ramdisk=[C:]\tvtos\winpe.wim,{ramdiskoptions} path \windows\system32\boot\winload.exe description WinPE osdevice ramdisk=[C:]\tvtos\winpe.wim,{ramdiskoptions} systemroot \windows nx OptIn detecthal Yes winpe Yes Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale en-us inherit {bootloadersettings} osdevice partition=C: systemroot \Windows resumeobject {c8af3dcf-2dcd-11e4-8d0c-8056f2ffd410} nx OptIn bootstatuspolicy IgnoreAllFailures detecthal Yes Resume from Hibernate 
--------------------- identifier {c8af3dcf-2dcd-11e4-8d0c-8056f2ffd410} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-us inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume2 path \boot\memtest.exe description Windows Memory Diagnostic locale en-us inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Setup Ramdisk Options --------------------- identifier {ramdiskoptions} description Ramdisk options ramdisksdidevice partition=C: ramdisksdipath \boot\boot.sdi LastRegBack: 2015-01-04 03:22 ==================== End Of Log ============================