
HELP ME BOOSTWEBAPP MALWARE SOMETHIN

malware emergency windows 8

  • This topic is locked

#16
HELLOHALO

    Member

  • Topic Starter
  • Member
  • 21 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.3 (05.28.2015:2)
OS: Windows 8.1 x64
Ran by msingh on Thu 05/28/2015 at 15:51:16.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Flvto Youtube Downloader

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\msingh\appdata\local\flvto youtube downloader
Successfully deleted: [Folder] C:\Users\msingh\AppData\Roaming\pcdr
Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\14894195359318377223

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/28/2015 at 15:53:31.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0


#17
HELLOHALO

    Member

  • Topic Starter
  • Member
  • 21 posts

And um, one problem: I rebooted after AWS did its thing; it opened the log but then closed, and I don't know where it went.


  • 0

#18
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

You can find the log file at C:\AdwCleaner

I want the [SO].txt log, because that one shows me the deletions.
  • 0

#19
HELLOHALO

    Member

  • Topic Starter
  • Member
  • 21 posts

# AdwCleaner v4.205 - Logfile created 28/05/2015 at 15:44:01
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : msingh - SINGH
# Running from : C:\Users\msingh\Desktop\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\msingh\Documents\ftb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\5b08f6cd-db3a-bc5f-273d-b8abebce50a7
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v42.0.2311.135

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aapocclcgogkmnckokdopfmhonfmgoek
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aohghmighlieiainnegkcijnfilokake
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bepbmhgboaologfdajaanbcjmnhjmhfn
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : felcaaldnbdncclmgdcncolpebgiejap
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda

*************************

AdwCleaner[R0].txt - [5811 bytes] - [28/05/2015 15:41:26]
AdwCleaner[S0].txt - [5790 bytes] - [28/05/2015 15:44:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5849  bytes] ##########


  • 0

#20
HELLOHALO

    Member

  • Topic Starter
  • Member
  • 21 posts

OK, now help away! :) Thx for hlpin!


  • 0

#21
HELLOHALO

    Member

  • Topic Starter
  • Member
  • 21 posts

Can I uninstall that frst, adwcleaner and stuff I downloaded or not yet? My dad won't like it if he sees it.


  • 0

#22
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Not yet! But I have a way for you to remove all that stuff with a few clicks. I need you to do a few things first. You can delete any frst logs and additions.txt logs on the desktop.

Run ESET Online Scanner
ESET Scan may take a while...

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Next
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
Next

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Post in your next reply,
ESET scan results
Frst.txt
Addition.txt
  • 0

#23
HELLOHALO

    Member

  • Topic Starter
  • Member
  • 21 posts

C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\BaxeuLitojo.exe a variant of Win32/Adware.PennyBee.U application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\Cifliaejgi.EXE a variant of Win32/Adware.PennyBee.U application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\tammgF.sys a variant of Win64/Adware.PennyBee.I application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\tammgFd.sys a variant of Win64/Adware.PennyBee.I application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\tammgR.sys a variant of Win64/Adware.PennyBee.I application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\tammgRd.sys a variant of Win64/Adware.PennyBee.I application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\ukeala.EXE a variant of Win32/Adware.PennyBee.U application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\ukedla.exe a variant of Win32/Adware.PennyBee.U application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\ukedlau.dll a variant of Win32/Adware.PennyBee.U application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\ukewla.EXE a variant of Win32/Adware.PennyBee.U application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\Uninstaller.exe a variant of Win32/Adware.PennyBee.U application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\utils.exe a variant of Win32/Adware.PennyBee.U application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\yievhlulzofu.exe a variant of Win32/Adware.PennyBee.U application
C:\FRST\Quarantine\C\ProgramData\boostwebapp\1.1.0.31\yievhlulzofu64.exe Win64/Adware.PennyBee.I application
C:\FRST\Quarantine\C\WINDOWS\system32\Drivers\tammgF119.sys.xBAD a variant of Win64/Adware.PennyBee.I application
C:\FRST\Quarantine\C\WINDOWS\system32\Drivers\tammgR119.sys.xBAD a variant of Win64/Adware.PennyBee.I application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application

 


  • 0

#24
HELLOHALO

    Member

  • Topic Starter
  • Member
  • 21 posts

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by msingh at 2015-05-28 19:51:47
Running from C:\Users\msingh\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-814935137-3960788824-2020595886-500 - Administrator - Disabled)
Guest (S-1-5-21-814935137-3960788824-2020595886-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-814935137-3960788824-2020595886-1005 - Limited - Enabled)
msingh (S-1-5-21-814935137-3960788824-2020595886-1001 - Administrator - Enabled) => C:\Users\msingh

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Block N Load (HKLM-x32\...\Steam App 299360) (Version:  - Jagex)
Bloggie Software (HKLM-x32\...\BloggieSoftware) (Version: 3.3.1.73 - Sony)
Bloggie Software (x32 Version: 3.3.1.73 - Sony Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{C0C47F85-F48F-4709-9150-3FA62FA2DEAF}) (Version: 2.6.1000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.13.5 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Flvto YouTube Downloader (HKLM-x32\...\Flvto YouTube Downloader) (Version: 0.6.7 - Hotger)
FMS (HKLM-x32\...\FMS) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iExplorer 3.6.9.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Predator (HKLM-x32\...\{017B444A-4C86-43AC-A9A8-D3C99143E073}) (Version: 3 - Predator-Usb)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
ROBLOX Player for msingh (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for msingh (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Unity Web Player (HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Vovoid VSXu 0.5.0 (HKLM-x32\...\VSXu 0.5.0) (Version: 0.5.0 - Vovoid Media Technologies AB)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Speech Recognition Macros (HKLM-x32\...\{8DC197D6-F4AB-44E0-ACF7-210355E6F389}) (Version: 1.0.6862.19 - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\msingh\AppData\Local\Roblox\Versions\version-482ae366f82d4d7c\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-814935137-3960788824-2020595886-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

16-05-2015 19:04:57 Removed Ji_Ga_Zo
22-05-2015 20:41:38 Windows Update
26-05-2015 18:45:13 Windows Backup
27-05-2015 19:29:14 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04697E68-1434-4621-A505-E17C8C8BE11D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {15822A82-BA76-4861-85A5-4828920E698E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2042DC01-A2E2-40BD-A9DC-FC5EB5528E10} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-02] (CyberLink Corp.)
Task: {3ED59CBC-C834-4D04-843B-26D1BD155F81} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {3F056410-9CA3-4C9A-B114-D61D5FAB2344} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001UA => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {58B13CCF-D30D-4DE2-B635-00E9AEF9655E} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {60EE4C2C-2572-4478-AAD8-18825985BAA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {652009CD-07EB-4517-9CE2-2C9E1C508E6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6BDE436D-9F4B-4CBE-BA02-8ED7D5C4434C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {6C00C75C-1FD0-48BD-9452-568F2670EA94} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {783F0C23-AFC1-48AD-8DEE-A4E9777487AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {8641F42D-7D9E-45C2-8C02-4072AB45C705} - System32\Tasks\{1C2FE9C9-ACEC-4D47-AC62-C2367C22CA4F} => pcalua.exe -a C:\Users\msingh\Downloads\FMS\fms2alpha85.exe -d C:\Users\msingh\Downloads\FMS
Task: {A1ABA4E2-18E1-420D-A793-F33CAA96980C} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {A943BFF0-67B2-4C73-A273-4B23ADEA2B03} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {A94BF97C-A5B3-4B0E-910E-D845D2A785A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-18] (Microsoft Corporation)
Task: {AE24E647-F4B2-4222-95B4-4C681B6CE6D9} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-05] (Synaptics Incorporated)
Task: {C65A8DEE-AD1D-44C4-9801-E5408115AD96} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-02] (CyberLink)
Task: {CFEF160A-B3D6-4FBF-966B-BF4A53BE4188} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001Core => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {D41691DE-5A3E-43D8-9140-CEFBCBC77495} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {D49B6050-1E54-45D1-83F0-4D939EA5673D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D9A65C48-7A97-4BD0-917D-AC3C229A5A0A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-18] (Microsoft Corporation)
Task: {F2D4D2E9-CE7C-4309-A678-E118CCA6B8EC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001Core.job => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001UA.job => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-14 13:40 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-19 21:12 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-13 23:45 - 2014-01-13 23:45 - 00012728 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\Microsoft.PerfTrack.winmd
2015-01-26 20:04 - 2015-01-26 20:04 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\94e2bc13589233f9d2cc54292717b8cf\Windows.Globalization.ni.dll
2015-01-26 20:04 - 2015-01-26 20:04 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2015-01-26 20:04 - 2015-01-26 20:04 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2015-01-26 20:04 - 2015-01-26 20:04 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2015-01-26 20:04 - 2015-01-26 20:04 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2015-05-07 19:48 - 2015-05-07 19:48 - 00143888 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\HNF.Utilities.winmd
2014-03-02 18:18 - 2014-03-02 18:19 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\SqliteWrapper.dll
2014-01-13 23:45 - 2014-01-13 23:45 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\Sqlite3.dll
2015-01-26 20:04 - 2015-01-26 20:04 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2015-05-07 19:48 - 2015-05-07 19:48 - 00280064 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\Microsoft.Bing.AppEx.Telemetry.winmd
2015-01-26 20:04 - 2015-01-26 20:04 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2014-03-02 18:18 - 2014-03-02 18:19 - 00016912 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\SqliteWrapper.winmd
2015-01-26 20:04 - 2015-01-26 20:04 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2015-02-25 17:22 - 2015-02-25 17:22 - 01383936 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Web\b9985906d4d9f96e8c8047c4657a1388\Windows.Web.ni.dll
2015-01-26 20:04 - 2015-01-26 20:04 - 00467456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Graphics\ea818a24554fc2db9a73de1e79afb286\Windows.Graphics.ni.dll
2015-01-26 20:04 - 2015-01-26 20:04 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2015-05-07 19:48 - 2015-05-07 19:48 - 00322576 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\AppEx.HealthAndFitnessApp.DataStoreManager.DLL
2015-05-07 19:48 - 2015-05-07 19:48 - 00033296 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\Microsoft.Practices.Mobile.DLL
2015-05-07 19:48 - 2015-05-07 19:48 - 00264720 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\Platform.UserDataStoreClient.DLL
2015-05-07 19:48 - 2015-05-07 19:48 - 00056848 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\Appex.HealthAndFitnessApp.DataStoreModel.DLL
2015-05-07 19:48 - 2015-05-07 19:48 - 00027664 _____ () C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.315_x64__8wekyb3d8bbwe\Platform.UserDataStoreModel.DLL
2015-01-26 20:04 - 2015-01-26 20:04 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2013-06-17 09:35 - 2013-06-17 09:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 11:52 - 2013-05-08 11:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2015-05-14 18:26 - 2015-05-14 18:26 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\msingh\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-814935137-3960788824-2020595886-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Theme1\img6.jpg
DNS Servers: 192.168.1.1 - 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Cifliaejgi => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: ZAtheros Wlan Agent => 2
HKLM\...\StartupApproved\StartupFolder: => "Bloggie Watcher Utility.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\StartupFolder: => "Bloggie Watcher Utility.lnk"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\StartupFolder: => "archimedes-ships-1-6-4 (1).lnk"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\StartupFolder: => "archimedes-ships-1-6-4.lnk"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "Flvto Youtube Downloader"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\StartupApproved\Run: => "Window Hide Tool"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B1AEDFFD-EF10-4B42-A867-7FD5E1654349}] => (Allow) C:\Users\msingh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{ADE91327-AE6A-4EFF-82F2-6A887F20AB27}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B9315DFC-4F7B-4B6B-A0B3-744411BE6080}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BF765730-5CE8-4134-9215-F0B88A218363}] => (Allow) LPort=1900
FirewallRules: [{63657DF8-30FD-4045-940E-A55059334063}] => (Allow) LPort=2869
FirewallRules: [{49245A28-C149-4BD8-8CCC-CE2F06E0FB4D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{42903FFD-F5DB-4070-8A8D-97597FFDD49F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{73D94D51-A362-4EA0-BB01-C5C7871310C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{5B36D55B-038D-4CA5-8901-82318BF8A073}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CEBA69AA-193E-4B0A-AF37-7642BF0B8F87}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6E2F2A52-F0C1-4764-8085-0760647486AA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD68416E-06F4-4844-A829-07A161ECF6B9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C6AE1991-79D0-4A27-A2AF-17811FD0DD1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe
FirewallRules: [{B18C5AF4-B569-4E9D-831A-D771847FA5B6}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{75C04C89-960B-45BB-9BE9-9232EF6E549D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A797E3DD-9913-4606-9196-57FF1BA2D763}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{100260BE-6CDE-4070-8FEA-BCEA9FD374BD}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BA1F0C57-F37A-4EFB-A9F1-A83E8F11F5A0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{92BC0707-F06A-4E4F-971E-DF7E30447CE1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{69D75E92-CF56-4A00-85E3-B2265880A8AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{541F4F80-096A-4DC7-A5AC-D78FE5F33940}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D5D3870-17C2-4AC2-A654-1693FA338C33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{290E1C08-01E8-4209-AA3A-B243F7B3CB9D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C35E6038-BC16-4AF8-9037-B72F497C3636}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A5387EC1-BAD4-4799-B958-FE2C4C46F61B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{48969441-7CD1-4AFF-8D1F-934843778314}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{303808D2-7887-4738-962A-F47D18BE9F50}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [TCP Query User{F1FFF5D7-A9A9-4F20-A713-72E5C93A8A3E}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7AFA88EB-4369-4799-86BD-DD602E619A04}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{2095777F-32CA-426C-853B-5735116C13C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{AD5D2B99-1013-4F08-8E04-4AC0B4C26947}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{43A93CD5-9E8F-4955-8AEB-CB0C3E7259AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{E4F472CA-E3EB-48D3-B0EE-B2CA9F790FE4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{EF820659-9275-4690-8D63-FA3FC089B67F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dizzel\Dizzel.exe
FirewallRules: [{A0D67918-BA45-4033-9178-10B257FE469F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dizzel\Dizzel.exe
FirewallRules: [TCP Query User{389D619A-D1E2-42A6-9C7A-A713835E9D19}C:\users\msingh\desktop\kodi\kodi.exe] => (Allow) C:\users\msingh\desktop\kodi\kodi.exe
FirewallRules: [UDP Query User{BDC23E07-5061-43F1-8634-34E67D62EB87}C:\users\msingh\desktop\kodi\kodi.exe] => (Allow) C:\users\msingh\desktop\kodi\kodi.exe
FirewallRules: [TCP Query User{0551EC1B-6990-45A8-A32F-A3A798B5D571}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{121F8948-A2BF-413D-92EE-B8DEB755D4A1}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{826F9FF0-024B-4E10-AE2D-5C27BFA16D81}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A07C2A66-751F-4A71-AD67-B51645790FC5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{22B896D0-1148-46F1-A086-E0088B169E96}C:\program files (x86)\ffsplit\ffsplit.exe] => (Allow) C:\program files (x86)\ffsplit\ffsplit.exe
FirewallRules: [UDP Query User{72785844-481F-470E-913D-7956D673D34C}C:\program files (x86)\ffsplit\ffsplit.exe] => (Allow) C:\program files (x86)\ffsplit\ffsplit.exe
FirewallRules: [TCP Query User{527935E6-2E84-41D1-999A-2FA43A15808C}C:\users\msingh\downloads\sahaj\world_of_tanks\wotlauncher.exe] => (Block) C:\users\msingh\downloads\sahaj\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{301E4999-9CF1-4DA8-B85E-76962ECD0F67}C:\users\msingh\downloads\sahaj\world_of_tanks\wotlauncher.exe] => (Block) C:\users\msingh\downloads\sahaj\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{22747CD7-2A64-4E31-8D48-82B641B95773}C:\users\msingh\downloads\sahaj\world_of_tanks\worldoftanks.exe] => (Allow) C:\users\msingh\downloads\sahaj\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{ECEAA333-B6D8-46CA-8DA6-AE9A69D31768}C:\users\msingh\downloads\sahaj\world_of_tanks\worldoftanks.exe] => (Allow) C:\users\msingh\downloads\sahaj\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{8706CB4E-72F5-4FBA-9148-FAE5F6B4FAEB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8080160C-472A-4152-B6E6-5B7DDE383C2E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{056ABB18-2EE9-4446-88E4-1C39A83932D5}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{E76191AC-CD52-42DD-BA10-082AEFD9334C}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{0D889415-5D66-4061-A2F1-32CD722B6A70}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{B8654F89-0431-4165-8113-81ECFE770CBC}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{1B8B5C47-D2D7-458D-9C77-23FDE162A03C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FA551CF9-0EDF-4E60-910A-0C89D7BC260B}] => (Allow) C:\Users\msingh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78CB0F21-C711-4022-A6EA-F220AFC2666B}] => (Allow) C:\Users\msingh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{38A6EA0B-ABD0-4CA3-95F9-6DB27029AC4D}C:\program files (x86)\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{9034D7A2-4BC9-4F51-AC8F-7B088D0033E3}C:\program files (x86)\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\java.exe
FirewallRules: [TCP Query User{071948A1-ADC3-49C8-A70C-3F55E97D9E15}C:\users\msingh\downloads\sahaj\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\msingh\downloads\sahaj\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B24264E2-3F99-471B-AD4E-ED8B735CF08D}C:\users\msingh\downloads\sahaj\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\msingh\downloads\sahaj\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A97543E4-17B7-4E0A-9532-EDA24D4F2D3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{ABBD2C04-1315-4885-BBCC-9769951B8694}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [TCP Query User{6270F254-0334-449C-9546-2D2D67B2C181}C:\users\msingh\downloads\sahaj\mcpe server\pocketmine-mp\bin\php\php.exe] => (Allow) C:\users\msingh\downloads\sahaj\mcpe server\pocketmine-mp\bin\php\php.exe
FirewallRules: [UDP Query User{7C9F9F54-0BDF-4DB8-BB3A-6CC8EEE1E175}C:\users\msingh\downloads\sahaj\mcpe server\pocketmine-mp\bin\php\php.exe] => (Allow) C:\users\msingh\downloads\sahaj\mcpe server\pocketmine-mp\bin\php\php.exe
FirewallRules: [TCP Query User{33B38B44-3FA0-4B1B-AA19-76C0C53553E1}C:\users\msingh\downloads\sahaj\pocketmine-mp\bin\php\php.exe] => (Allow) C:\users\msingh\downloads\sahaj\pocketmine-mp\bin\php\php.exe
FirewallRules: [UDP Query User{BD7DC619-7DDB-4EDF-8C35-DDD652CA9786}C:\users\msingh\downloads\sahaj\pocketmine-mp\bin\php\php.exe] => (Allow) C:\users\msingh\downloads\sahaj\pocketmine-mp\bin\php\php.exe
FirewallRules: [{2F02D50B-B5E3-46F8-9867-2901F033BD84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{4D8B1DD6-D67F-4DE0-A577-1308A933B97B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{4A91C558-652D-48C0-89B0-F5F30E3E97F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 05:24:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: igd10iumd32.dll, version: 10.18.10.3379, time stamp: 0x52b20a9b
Exception code: 0xc0000005
Fault offset: 0x0003c007
Faulting process id: 0x3acc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (05/28/2015 05:21:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2694

Start Time: 01d099a4a8e87120

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 9d88f20d-0598-11e5-bedd-74867a3d23a5

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (05/28/2015 03:32:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2c4

Start Time: 01d09996127a4b3e

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\wwahost.exe

Report Id: 5aca0afc-0589-11e5-bedb-74867a3d23a5

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.WindowsLive.Mail

Error: (05/28/2015 03:32:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SINGH)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/28/2015 03:31:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SINGH)
Description: App microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail did not launch within its allotted time.

Error: (05/27/2015 08:34:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.2.929 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11d4

Start Time: 01d098f681a4dc04

Termination Time: 15

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 5ed95d9a-04ea-11e5-bedb-74867a3d23a5

Faulting package full name:

Faulting package-relative application ID:

Error: (05/27/2015 07:29:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service vemifotj since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (05/27/2015 07:29:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service luonilhkog since QueryServiceConfig API failed

System Error:
Access is denied.
.

Error: (05/27/2015 07:29:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service.

System Error:
Access is denied.
.

Error: (05/27/2015 07:29:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service.

System Error:
Access is denied.
.

System errors:
=============
Error: (05/28/2015 05:30:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (05/28/2015 04:15:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (05/28/2015 04:15:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (05/28/2015 04:09:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (05/28/2015 04:09:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 47.

Error: (05/28/2015 03:51:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/28/2015 03:51:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/28/2015 03:51:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/28/2015 03:44:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (05/28/2015 03:44:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (05/28/2015 05:24:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9igd10iumd32.dll10.18.10.337952b20a9bc00000050003c0073acc01d099a254d0d1e1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\igd10iumd32.dll1c71177e-0599-11e5-bedd-74867a3d23a5

Error: (05/28/2015 05:21:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415269401d099a4a8e871204294967295C:\WINDOWS\syswow64\wwahost.exe9d88f20d-0598-11e5-bedd-74867a3d23a5Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (05/28/2015 03:32:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174152c401d09996127a4b3e4294967295C:\WINDOWS\system32\wwahost.exe5aca0afc-0589-11e5-bedb-74867a3d23a5microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (05/28/2015 03:32:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SINGH)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142

Error: (05/28/2015 03:31:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SINGH)
Description: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail

Error: (05/27/2015 08:34:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.2.92911d401d098f681a4dc0415C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe5ed95d9a-04ea-11e5-bedb-74867a3d23a5

Error: (05/27/2015 07:29:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service vemifotj since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (05/27/2015 07:29:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service luonilhkog since QueryServiceConfig API failed

System Error:
Access is denied.

Error: (05/27/2015 07:29:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service.

System Error:
Access is denied.

Error: (05/27/2015 07:29:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service.

System Error:
Access is denied.

CodeIntegrity Errors:
===================================
  Date: 2015-05-15 21:18:39.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.973
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.723
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.598
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.473
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2015-05-15 21:18:38.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 33%
Total physical RAM: 7908.96 MB
Available physical RAM: 5278.04 MB
Total Pagefile: 15844.96 MB
Available Pagefile: 13239.99 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.82 GB) (Free:814.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E648430E)

Partition: GPT Partition Type.

==================== End of log ============================



#25
HELLOHALO


FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by msingh (administrator) on SINGH on 28-05-2015 19:51:00
Running from C:\Users\msingh\Desktop
Loaded Profiles: msingh (Available Profiles: msingh & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3015408 2013-03-05] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\Run: [Google Update] => C:\Users\msingh\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-02-03] (Google Inc.)
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\...\Run: [Window Hide Tool] => C:\Users\msingh\Downloads\Sahaj\Window Hide Tool\Window Hide Tool.exe
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2014-08-19]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\archimedes-ships-1-6-4 (1).lnk [2015-03-14]
ShortcutTarget: archimedes-ships-1-6-4 (1).lnk -> C:\ProgramData\{60f6bfdc-e75d-1009-60f6-6bfdce75ff73}\archimedes-ships-1-6-4 (1).exe (No File)
Startup: C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\archimedes-ships-1-6-4.lnk [2015-03-14]
ShortcutTarget: archimedes-ships-1-6-4.lnk -> C:\ProgramData\{5e5b9afa-55d1-9505-5e5b-b9afa55d6be9}\archimedes-ships-1-6-4.exe (No File)
Startup: C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2014-08-19]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-814935137-3960788824-2020595886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-814935137-3960788824-2020595886-1001\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = www.roblox.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1
Tcpip\..\Interfaces\{0AD46076-7C3C-4822-AD70-9805CA3D3AAD}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-02] (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @nsroblox.roblox.com/launcher -> C:\Users\msingh\AppData\Local\Roblox\Versions\version-482ae366f82d4d7c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\msingh\AppData\Local\Roblox\Versions\version-482ae366f82d4d7c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\msingh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @talk.google.com/O1DPlugin -> C:\Users\msingh\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @tools.google.com/Google Update;version=3 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @tools.google.com/Google Update;version=9 -> C:\Users\msingh\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\msingh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\msingh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\msingh\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected] [2014-07-11]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (YouTube) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Google Search) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-02-11]
CHR Extension: (Rainbow City) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmhabfigjhoechkebmkmjdnkadpfekpj [2015-05-23]
CHR Extension: (Bookmark Manager) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
CHR Extension: (Hangouts) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\msingh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [182304 2014-11-07] (EasyAntiCheat Ltd)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-18] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-09] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-03-02] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-11] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-07-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-07-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-07-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-07-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-07-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-07-11] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-06-01] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-03-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-05] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 19:51 - 2015-05-28 19:51 - 00019501 _____ () C:\Users\msingh\Desktop\FRST.txt
2015-05-28 19:50 - 2015-05-28 19:50 - 02108928 _____ (Farbar) C:\Users\msingh\Desktop\FRST64.exe
2015-05-28 16:26 - 2015-05-28 16:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-28 16:02 - 2015-05-28 16:02 - 00005933 _____ () C:\Users\msingh\Documents\AdwCleaner[S0].txt
2015-05-28 15:53 - 2015-05-28 15:53 - 00001239 _____ () C:\Users\msingh\Documents\JRT.txt
2015-05-28 15:51 - 2015-05-28 15:51 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SINGH-Windows-8.1-(64-bit).dat
2015-05-28 15:51 - 2015-05-28 15:51 - 00000000 ____D () C:\RegBackup
2015-05-28 15:41 - 2015-05-28 15:50 - 00000000 ____D () C:\AdwCleaner
2015-05-28 15:36 - 2015-05-28 15:36 - 02223104 _____ () C:\Users\msingh\Desktop\adwcleaner_4.205.exe
2015-05-27 19:46 - 2015-05-27 20:34 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 19:46 - 2015-05-27 19:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-27 19:46 - 2015-05-27 19:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-27 19:46 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-27 19:46 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-27 19:46 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-27 17:36 - 2015-05-27 17:36 - 00050624 _____ () C:\Users\msingh\Downloads\Addition.txt
2015-05-27 17:35 - 2015-05-28 19:51 - 00000000 ____D () C:\FRST
2015-05-27 17:35 - 2015-05-27 17:36 - 00044942 _____ () C:\Users\msingh\Downloads\FRST.txt
2015-05-27 16:59 - 2015-05-27 16:59 - 01190415 _____ () C:\Users\msingh\Downloads\ProcessExplorer.zip
2015-05-27 16:59 - 2015-05-27 16:59 - 00000000 ____D () C:\Users\msingh\Downloads\ProcessExplorer
2015-05-27 16:49 - 2015-05-27 16:49 - 00000000 ____D () C:\Users\msingh\Documents\ProcessExplorer
2015-05-26 18:58 - 2015-05-26 18:58 - 00002232 _____ () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto YouTube Downloader.lnk
2015-05-26 18:58 - 2015-05-26 18:58 - 00001522 _____ () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Flvto YouTube Downloader.lnk
2015-05-26 17:45 - 2015-05-26 17:45 - 00457824 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\71CB6FB8.sys
2015-05-26 16:42 - 2015-05-26 16:42 - 00332120 _____ () C:\WINDOWS\Minidump\052615-22625-01.dmp
2015-05-23 17:51 - 2015-05-23 17:51 - 00000512 _____ () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OS ©.lnk
2015-05-22 19:38 - 2015-05-25 11:21 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-05-16 21:59 - 2015-05-16 22:00 - 00000000 ____D () C:\Users\msingh\.gradle
2015-05-16 21:56 - 2015-05-16 21:56 - 00000000 ____D () C:\Users\msingh\Downloads\WorldEdit-master
2015-05-16 21:52 - 2015-05-16 21:55 - 01332432 _____ () C:\Users\msingh\Downloads\WorldEdit-master.zip
2015-05-16 14:40 - 2015-05-22 19:41 - 00000000 ____D () C:\Users\msingh\AppData\Local\Roblox
2015-05-16 12:24 - 2015-05-16 12:24 - 00000000 ____D () C:\Users\msingh\Documents\Curse
2015-05-16 11:40 - 2015-05-20 15:03 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\Curse Client
2015-05-16 11:40 - 2015-05-16 11:40 - 00001072 _____ () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2015-05-16 11:39 - 2015-05-16 11:39 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\Curse
2015-05-15 15:57 - 2015-05-15 15:57 - 00000000 ____D () C:\Users\msingh\vsxu
2015-05-15 15:34 - 2015-04-24 14:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-15 15:34 - 2015-04-09 17:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-15 15:34 - 2015-04-09 17:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-15 15:34 - 2015-04-02 17:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-15 15:34 - 2015-04-02 17:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-15 15:34 - 2015-04-01 15:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-15 15:34 - 2015-04-01 15:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-15 15:34 - 2015-03-31 20:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-15 15:34 - 2015-03-31 19:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-15 15:34 - 2015-03-19 18:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-15 15:34 - 2015-03-17 10:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-15 15:34 - 2015-03-12 21:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-15 15:34 - 2015-03-12 21:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-15 15:34 - 2015-03-12 19:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-15 15:34 - 2015-03-12 18:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-15 15:34 - 2015-03-12 17:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-15 15:34 - 2015-03-12 17:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-15 15:34 - 2015-03-10 18:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-15 15:34 - 2015-03-10 18:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-15 15:34 - 2015-03-08 19:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-15 15:34 - 2015-03-05 20:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-15 15:34 - 2015-03-05 19:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-15 15:34 - 2015-03-05 19:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-15 15:34 - 2015-03-04 16:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-15 15:34 - 2015-03-03 18:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-15 15:34 - 2015-03-03 18:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-15 15:34 - 2015-02-17 16:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-15 15:34 - 2015-01-29 17:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-15 15:34 - 2014-11-13 23:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-13 15:36 - 2015-04-30 13:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:36 - 2015-04-30 13:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:57 - 2015-03-29 22:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 21:57 - 2015-03-26 20:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 21:57 - 2015-03-26 19:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 21:57 - 2015-03-26 19:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 21:56 - 2015-04-09 18:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 21:56 - 2015-04-09 17:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 21:56 - 2015-04-08 15:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 21:55 - 2015-04-30 16:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 21:55 - 2015-04-30 15:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 21:55 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 21:55 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 21:55 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 21:55 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 21:55 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 21:55 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 21:55 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 21:55 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 21:55 - 2015-04-21 09:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 21:55 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 21:55 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 21:55 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 21:55 - 2015-04-21 09:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 21:55 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 21:55 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 21:55 - 2015-04-21 08:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 21:55 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 21:55 - 2015-04-21 08:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 21:55 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 21:55 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 21:55 - 2015-04-21 08:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 21:55 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 21:55 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 21:55 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 21:55 - 2015-04-21 08:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 21:55 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 21:55 - 2015-04-21 08:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 21:55 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 21:55 - 2015-04-21 08:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 21:55 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 21:55 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 21:55 - 2015-04-21 08:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 21:55 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 21:55 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 21:55 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 21:55 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 21:55 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 21:55 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 21:55 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-12 21:55 - 2015-04-13 15:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 21:55 - 2015-04-09 17:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-07 19:46 - 2015-05-07 19:46 - 00000000 ____D () C:\KVRT_Data
2015-05-07 19:44 - 2015-05-07 19:46 - 302786560 _____ () C:\Users\msingh\Downloads\kav_rescue_10.iso
2015-05-07 19:44 - 2015-05-07 19:45 - 110656344 _____ (Kaspersky Lab ZAO) C:\Users\msingh\Downloads\KVRT.exe
2015-05-07 19:30 - 2015-05-07 19:30 - 00000017 _____ () C:\Users\msingh\AppData\Local\resmon.resmoncfg
2015-05-07 15:41 - 2015-05-07 15:42 - 00761600 _____ () C:\WINDOWS\Minidump\050715-24718-01.dmp
2015-05-06 15:13 - 2015-05-06 15:13 - 00340320 _____ () C:\WINDOWS\Minidump\050615-35187-01.dmp
2015-05-04 18:41 - 2015-05-04 18:41 - 00008664 _____ () C:\Users\msingh\Downloads\A606.tmp
2015-04-28 17:00 - 2015-04-28 17:00 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 19:50 - 2014-01-04 18:38 - 02050998 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-28 19:19 - 2014-10-17 12:04 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-28 19:15 - 2015-02-03 20:01 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001UA.job
2015-05-28 19:12 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-28 16:15 - 2015-02-03 20:01 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001Core.job
2015-05-28 15:57 - 2013-12-15 11:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-28 15:50 - 2013-11-14 00:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-28 15:46 - 2015-01-01 18:18 - 00009181 _____ () C:\WINDOWS\setupact.log
2015-05-28 15:46 - 2014-10-17 12:04 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 15:46 - 2014-01-04 19:24 - 00000000 ___DO () C:\Users\msingh\SkyDrive
2015-05-28 15:46 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-28 15:45 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-28 15:39 - 2015-02-14 20:28 - 00014142 _____ () C:\WINDOWS\PFRO.log
2015-05-28 15:34 - 2014-01-07 15:16 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{098A15F4-7D2F-4B1B-9498-3B85E71CABE5}
2015-05-27 20:24 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-05-27 20:23 - 2015-01-22 22:07 - 00000000 ____D () C:\iExplorer
2015-05-27 20:23 - 2014-03-01 19:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-27 20:21 - 2013-12-15 10:47 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-814935137-3960788824-2020595886-1001
2015-05-26 19:02 - 2015-02-04 17:14 - 00000000 ____D () C:\Users\msingh\Downloads\Sahaj
2015-05-26 18:58 - 2015-02-04 19:22 - 00000000 ____D () C:\Users\msingh\AppData\Local\Hotger
2015-05-26 17:42 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-26 17:36 - 2013-09-19 13:42 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-26 16:46 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-26 16:42 - 2015-01-02 21:58 - 679212332 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-26 16:42 - 2014-04-09 11:44 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-26 16:42 - 2014-01-04 18:27 - 00000000 ____D () C:\Users\msingh
2015-05-25 12:26 - 2014-10-11 09:07 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\SpaceEngineers
2015-05-25 12:17 - 2015-01-26 18:35 - 00000000 ____D () C:\Users\msingh\AppData\Local\ftblauncher
2015-05-25 12:16 - 2015-01-26 18:35 - 00000000 ____D () C:\Users\msingh\AppData\Roaming\ftblauncher
2015-05-19 15:15 - 2013-12-18 15:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-17 17:17 - 2014-01-14 19:16 - 00108544 ___SH () C:\Users\msingh\Desktop\Thumbs.db
2015-05-17 16:10 - 2013-08-22 07:44 - 00493392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-17 16:05 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 19:10 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-15 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-15 16:10 - 2015-02-03 20:01 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001UA
2015-05-15 16:10 - 2015-02-03 20:01 - 00003492 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-814935137-3960788824-2020595886-1001Core
2015-05-14 18:56 - 2013-12-15 10:32 - 00000000 ____D () C:\Users\msingh\AppData\Local\Packages
2015-05-14 17:58 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 15:34 - 2013-11-14 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-05 10:59 - 2014-10-18 18:42 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 10:59 - 2014-10-18 18:42 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 19:03 - 2014-12-22 13:55 - 00094720 ___SH () C:\Users\msingh\Downloads\Thumbs.db
2015-05-02 19:56 - 2015-01-22 21:46 - 00000000 ____D () C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2015-05-07 19:30 - 2015-05-07 19:30 - 0000017 _____ () C:\Users\msingh\AppData\Local\resmon.resmoncfg
2015-03-18 19:09 - 2015-03-18 19:09 - 0000406 _____ () C:\Users\msingh\AppData\Local\Temp-log.txt
2013-09-19 13:42 - 2013-09-19 13:42 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-09-19 13:38 - 2013-09-19 13:39 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-09-19 13:39 - 2013-09-19 13:40 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-09-19 13:37 - 2013-09-19 13:38 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-09-19 13:40 - 2013-09-19 13:42 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-27 20:22

==================== End of log ============================


  • 0



#26
HELLOHALO

    Member

  • Topic Starter
  • 21 posts

SECURITY CHECK

 

 Results of screen317's Security Check version 1.002 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version 32-bit out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avp.exe 
 Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avpui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


  • 0

#27
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
I suggest you remove this program from your Programs and Features list.
Pando Media Booster

Your Java is out of date:

Note
Due to multiple security problems with Java, we are now recommending that it not be installed unless you absolutely know you need it.
I would uninstall anything called Java from the Programs and Features menu: Start > Control Panel > Programs & Features, uninstall all Java.

Next
A few items to fix, leftovers. Otherwise things look good!

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
Task: {D41691DE-5A3E-43D8-9140-CEFBCBC77495} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {A1ABA4E2-18E1-420D-A793-F33CAA96980C} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\msingh\SkyDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FirewallRules: [{B18C5AF4-B569-4E9D-831A-D771847FA5B6}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{75C04C89-960B-45BB-9BE9-9232EF6E549D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A797E3DD-9913-4606-9196-57FF1BA2D763}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{100260BE-6CDE-4070-8FEA-BCEA9FD374BD}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BA1F0C57-F37A-4EFB-A9F1-A83E8F11F5A0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Post the Fixlog.txt.

How is the computer now?
  • 0

#28
HELLOHALO

    Member

  • Topic Starter
  • 21 posts

Sorry I'm late, was busy, and here you go. FYI, I need Java; I use it for games and stuff.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by msingh at 2015-06-01 18:27:05 Run:2
Running from C:\Users\msingh\Desktop
Loaded Profiles: msingh (Available Profiles: msingh & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
Task: {D41691DE-5A3E-43D8-9140-CEFBCBC77495} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {A1ABA4E2-18E1-420D-A793-F33CAA96980C} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\msingh\SkyDrive:ms-properties
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin HKU\S-1-5-21-814935137-3960788824-2020595886-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FirewallRules: [{B18C5AF4-B569-4E9D-831A-D771847FA5B6}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{75C04C89-960B-45BB-9BE9-9232EF6E549D}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A797E3DD-9913-4606-9196-57FF1BA2D763}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{100260BE-6CDE-4070-8FEA-BCEA9FD374BD}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BA1F0C57-F37A-4EFB-A9F1-A83E8F11F5A0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D41691DE-5A3E-43D8-9140-CEFBCBC77495} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1ABA4E2-18E1-420D-A793-F33CAA96980C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1ABA4E2-18E1-420D-A793-F33CAA96980C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key Removed successfully
C:\Users\msingh\SkyDrive => ":ms-properties" ADS Removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys" => key Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin" => key Removed successfully
"HKU\S-1-5-21-814935137-3960788824-2020595886-1001\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => key Removed successfully
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B18C5AF4-B569-4E9D-831A-D771847FA5B6} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75C04C89-960B-45BB-9BE9-9232EF6E549D} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A797E3DD-9913-4606-9196-57FF1BA2D763} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{100260BE-6CDE-4070-8FEA-BCEA9FD374BD} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA1F0C57-F37A-4EFB-A9F1-A83E8F11F5A0} => value not found.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state off =========

Ok.

========= End of CMD: =========

EmptyTemp: => Removed 490.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:28:49 ====


  • 0
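Reading a Fixlog like the one above comes down to three questions: which items were actually removed, which were already absent, and whether any `CMD:` line changed the machine's security posture (the second command here turns Windows Firewall off on all profiles). The sketch below is an added example, not part of the original posts and not FRST code; the function names and the watch-list are assumptions, and the sample is an excerpt of the log lines posted above.

```python
import re

# Excerpt of the Fixlog posted above, one line of each kind (blank lines dropped).
FIXLOG = r'''
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D41691DE-5A3E-43D8-9140-CEFBCBC77495} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key Removed successfully
C:\Users\msingh\SkyDrive => ":ms-properties" ADS Removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B18C5AF4-B569-4E9D-831A-D771847FA5B6} => value not found.
=========  netsh advfirewall reset =========
Ok.
========= End of CMD: =========
=========  netsh advfirewall set allprofiles state off =========
Ok.
========= End of CMD: =========
EmptyTemp: => Removed 490.8 MB temporary data.
'''

SECTION = re.compile(r'^=+\s+(?P<title>.+?)\s+=+$')
# Assumed watch-list: commands that leave the host less protected than before the fix.
WATCHLIST = [re.compile(r'netsh\s+advfirewall\s+set\s+\S+\s+state\s+off', re.I)]

def classify(line):
    """Map one result line to (target, status)."""
    target = re.sub(r' not found\.$', '', line.split(' => ')[0]).strip('"')
    outcome = line.lower().rstrip('.')
    if outcome.endswith('removed successfully'):
        return target, 'removed'
    if outcome.endswith('not found'):
        return target, 'absent'   # item was not present when the fix ran
    return target, 'other'

def parse_fixlog(text):
    """Return (results, commands): item outcomes and CMD sections with their output."""
    results, commands, current = [], [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION.match(line)
        if m:
            current = None                      # any '==== ... ====' header closes a section
            if not m.group('title').startswith('End of'):
                current = {'cmd': m.group('title'), 'output': []}
                commands.append(current)
        elif current is not None:
            current['output'].append(line)      # output belonging to the open CMD section
        else:
            results.append(classify(line))
    return results, commands

def flagged_commands(commands):
    """Commands on the watch-list that reported success ('Ok.')."""
    return [c['cmd'] for c in commands
            if 'Ok.' in c['output'] and any(p.search(c['cmd']) for p in WATCHLIST)]

if __name__ == '__main__':
    results, commands = parse_fixlog(FIXLOG)
    print(*results, sep='\n')
    print('review before closing the case:', flagged_commands(commands))
```

On the machine itself, `netsh advfirewall show allprofiles state` reports the current firewall state for each profile.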

#29
HELLOHALO

    Member

  • Topic Starter
  • 21 posts

Also my computer is pretty good now, it is like it was just opened again. When I boot it is super fast and I no longer see the Ukewla and bull- stuff. Thanks a lot! But um, one question: how come you were removing an app that came with the PC, "PCDoctor"? I thought it was fine. Or maybe I just misunderstood the FixLog thing.


Edited by HELLOHALO, 01 June 2015 - 07:41 PM.

  • 0

#30
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

Hello,

 

That's a PCDoctor task, not the app, with no task file associated with it. I remove entries that don't have file associations; they're called orphaned entries and can cause various strange errors at times.

 

If no further issues remain, let's clean up all the tools I had you download and we will close this ticket.

To do that:

 

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.


  • 0





