Possible infection or hacked? [Closed] [Solved]



#1
queendom

I think my computer is infected.

1. All of my Gmail addresses have been flagged for suspicious activity. I access all of them using an email add-on in Firefox and also on my mobile devices. So, they're accessible without having to input a password, as long as you have access to the devices. Google flagged account log-ins that were made on my desktop. I am the sole user of the computer and have not made any changes to the computer, ISP, or conducted any abnormal activity.

2. Received email stating someone unsuccessfully tried to log into a website using my info. I tracked the IP address in the email to an IP cloaker service.
 
3. Also, a customer at my job contacted me at my personal email address. Although I work on the same computer, my personal information isn't disclosed to customers. There are email records of all communication with the customer with no link to my personal address.
 
Thanks in advance for your help with this!!
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by ronak_000 (administrator) on HERPANDORA on 10-07-2015 21:19:20
Running from C:\Users\ronak_000\Desktop
Loaded Profiles: ronak_000 (Available Profiles: ronak_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(VertoAnalytics Oy) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
(Verto Analytics Inc) C:\Program Files (x86)\SmartApp\SmartApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Spotify Ltd) C:\Users\ronak_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJIE.EXE
() C:\Program Files\Firestorm-Releasex64\win_crash_logger.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.3.9600.17415_none_1949a3402e134bf5\taskhost.exe
() C:\Program Files\Firestorm-Releasex64\win_crash_logger.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Firestorm-Releasex64\win_crash_logger.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-24] (Hewlett-Packard )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1065680 2015-05-29] (Carbonite, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [Spotify Web Helper] => C:\Users\ronak_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-09] (Spotify Ltd)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJIE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJIE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2015-05-27]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1956968038-1783308290-1564097226-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1956968038-1783308290-1564097226-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = http://www.amazon.co...s={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
Toolbar: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE5EC543-607A-4404-846A-D8DCA026C6FC}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: FT DeepDark - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-06-25]
FF Extension: WOT - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-06]
FF Extension: AmabayFox - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\[email protected] [2015-06-28]
FF Extension: Add to Amazon Wish List Button - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\[email protected] [2015-05-27]
FF Extension: Open in IE - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\[email protected] [2015-05-27]
FF Extension: X-notifier - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-05-27]
FF Extension: Adblock Plus - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-07-06]

Chrome:
=======
CHR Profile: C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27]
CHR Extension: (Yahoo Web) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-05-27]
CHR Extension: (Google Docs) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (Google Drive) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-27]
CHR Extension: (YouTube) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-27]
CHR Extension: (Google Search) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-27]
CHR Extension: (Upromise RewardU Toolbar) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc [2015-05-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-05-27]
CHR Extension: (Google Sheets) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (AdBlock) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-27]
CHR Extension: (Screenwise Trends Panel) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2015-05-27]
CHR Extension: (Rating Program Extension) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbankdmoclhcdmdejkklikkpaidaeij [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-06-28]
CHR Extension: (Gmail) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-30] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-05-27] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-27] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [55128 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 21:19 - 2015-07-10 21:19 - 00023456 _____ C:\Users\ronak_000\Desktop\FRST.txt
2015-07-10 21:18 - 2015-07-10 21:19 - 00000000 ____D C:\FRST
2015-07-10 21:18 - 2015-07-10 21:18 - 02112512 _____ (Farbar) C:\Users\ronak_000\Desktop\FRST64.exe
2015-07-07 17:07 - 2015-07-07 20:00 - 00000000 ____D C:\Users\ronak_000\Desktop\sapyoumightfindthisinteresting
2015-07-07 17:07 - 2015-07-07 17:07 - 00028652 _____ C:\Users\ronak_000\Desktop\sapyoumightfindthisinteresting.zip
2015-07-07 14:00 - 2015-07-07 14:00 - 00002154 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-07-07 14:00 - 2015-07-07 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2015-07-06 21:14 - 2015-07-06 21:14 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Apple Computer
2015-07-06 20:48 - 2015-07-06 20:48 - 00000000 ____D C:\Program Files (x86)\Hp
2015-07-06 20:39 - 2015-07-06 20:39 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-07-06 20:39 - 2015-07-06 20:39 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-07-06 20:39 - 2015-07-06 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-07-06 20:39 - 2015-07-06 20:39 - 00000000 ____D C:\ProgramData\Logishrd
2015-07-06 20:39 - 2015-07-06 20:39 - 00000000 ____D C:\Program Files\Logitech
2015-07-06 20:39 - 2015-06-17 02:03 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-07-06 20:38 - 2015-07-06 20:39 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2015-07-06 20:38 - 2015-06-17 05:10 - 42729104 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 30481552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 22947144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 16145200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 15866992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 15224784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 14497520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 13263056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 11831856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 11011216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-07-06 20:38 - 2015-06-17 05:10 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 02599752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435330.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435330.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01099992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01060168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01050768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00975176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00938752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00408392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-07-06 20:38 - 2015-06-17 05:10 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-07-06 20:09 - 2015-07-06 20:09 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Apple Computer
2015-07-06 19:14 - 2015-07-06 19:14 - 00001859 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-06 19:14 - 2015-07-06 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-06 19:14 - 2015-07-06 19:14 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-06 19:14 - 2015-07-06 19:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-06 19:13 - 2015-07-06 19:13 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Logitech
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Logishrd
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Apple
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-07-06 19:11 - 2015-07-06 19:11 - 01976358 _____ C:\Users\ronak_000\Desktop\call_16-49-43_IN_+17064942609.AMR
2015-07-06 17:59 - 2015-07-06 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 00:21 - 2015-07-03 00:21 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\NVIDIA
2015-07-03 00:14 - 2015-06-17 05:10 - 17724600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-07-03 00:14 - 2015-06-17 05:10 - 03395648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-07-03 00:01 - 2015-07-03 00:01 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\TeamViewer
2015-07-02 23:46 - 2015-07-06 20:54 - 00000000 ____D C:\Users\ronak_000\AppData\Local\LogMeIn Rescue Applet
2015-07-02 23:39 - 2015-07-03 17:18 - 00000000 ____D C:\Users\ronak_000\Desktop\To Do
2015-06-28 00:06 - 2015-06-28 00:06 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Tera_Awesomium
2015-06-28 00:04 - 2015-06-28 00:04 - 00000000 ____D C:\Users\ronak_000\AppData\Local\TERA
2015-06-28 00:03 - 2015-06-28 00:05 - 20027424 _____ (metaspinner net GmbH) C:\Users\ronak_000\Desktop\Pricepirates7_setup.exe
2015-06-20 20:30 - 2015-06-20 20:30 - 18461219 _____ C:\Users\ronak_000\Desktop\Attachments_2015620.zip
2015-06-19 05:59 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-06-19 05:59 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-06-19 05:59 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-06-19 05:59 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-06-19 05:41 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-19 05:41 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-06-19 05:41 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-06-19 05:41 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-06-19 05:14 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-06-19 05:14 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-06-19 05:14 - 2015-04-30 21:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-06-19 05:14 - 2015-04-30 21:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-06-19 05:14 - 2015-04-30 21:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-06-19 05:14 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-19 05:14 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-19 05:01 - 2015-05-15 18:01 - 00133288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-06-19 05:01 - 2015-05-15 17:05 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-06-19 05:01 - 2015-05-15 16:47 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-06-19 05:01 - 2015-05-15 16:23 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-06-19 05:01 - 2015-05-15 15:42 - 03682304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-06-19 05:01 - 2015-05-15 15:32 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-06-19 05:01 - 2015-05-15 15:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-06-19 05:01 - 2015-05-15 15:28 - 02223104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-06-19 05:01 - 2015-05-15 15:28 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-06-19 05:01 - 2015-05-15 15:28 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-06-19 05:01 - 2015-05-15 15:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-06-19 05:01 - 2015-05-15 15:21 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-06-19 05:01 - 2015-05-15 15:21 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-06-19 05:01 - 2015-05-15 15:19 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-06-19 05:01 - 2015-05-15 15:19 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-06-19 05:00 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-19 05:00 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-06-19 05:00 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-19 05:00 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-06-19 05:00 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-06-19 05:00 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-06-19 05:00 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-06-19 05:00 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-19 05:00 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-19 04:45 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-19 04:45 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-19 04:45 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-19 04:45 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-19 04:41 - 2015-06-19 04:41 - 00000000 ____D C:\Users\ronak_000\AppData\Local\GWX
2015-06-19 04:37 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-06-19 04:37 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-19 04:37 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-19 04:37 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-19 04:37 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-19 04:37 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-19 04:37 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-06-19 03:30 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-06-19 03:30 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-06-19 03:30 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-06-19 03:30 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-06-19 03:30 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-19 03:30 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-19 03:30 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-19 03:30 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-19 03:30 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-19 03:30 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-19 03:30 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-19 03:30 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-19 03:30 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-19 03:30 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-19 03:30 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-19 03:30 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-19 03:30 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTime.qts
2015-06-14 20:02 - 2015-06-14 20:02 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-13 19:46 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-13 19:46 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-13 19:46 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-13 19:46 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-13 19:46 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-13 19:46 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-13 19:46 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-13 19:46 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-13 19:46 - 2015-01-05 23:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-06-13 19:46 - 2015-01-05 22:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-06-13 19:46 - 2015-01-05 21:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-06-13 19:46 - 2015-01-05 21:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-06-13 19:46 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-06-13 19:46 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-06-13 19:42 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-13 19:42 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-13 19:42 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 12:54 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 12:54 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 12:54 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 12:54 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 12:54 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 12:54 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 12:54 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 12:54 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 12:54 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 12:54 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 12:54 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 12:54 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 12:54 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 12:54 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 12:54 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 12:54 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 12:54 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 12:54 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 12:54 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 12:54 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 12:54 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 12:54 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 12:54 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 12:54 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 12:54 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 12:54 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 12:54 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 12:54 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 12:54 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 12:54 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 12:54 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 12:54 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 12:54 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 12:54 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 12:54 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 12:54 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 12:54 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 12:54 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 12:54 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 12:54 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 12:54 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 12:54 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 12:54 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 21:13 - 2015-05-27 14:55 - 00000000 ____D C:\Users\ronak_000\AppData\Local\ClassicShell
2015-07-10 21:12 - 2015-05-27 15:01 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 21:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-10 20:59 - 2015-06-02 10:00 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Spotify
2015-07-10 19:20 - 2015-06-02 10:00 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Spotify
2015-07-10 18:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-07-10 16:12 - 2015-05-27 11:37 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B58D2DC0-5384-4315-9E71-00C3983E739A}
2015-07-10 16:08 - 2015-05-27 15:18 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-09 07:10 - 2015-05-27 15:47 - 00004980 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HERPANDORA-ronak_000 HerPandora
2015-07-09 06:55 - 2015-06-04 19:31 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-08 13:12 - 2015-05-27 15:01 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 06:49 - 2015-06-05 10:55 - 00004104 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater
2015-07-08 06:49 - 2015-06-05 10:55 - 00003338 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor
2015-07-08 06:49 - 2015-06-05 10:55 - 00000000 ____D C:\Program Files (x86)\SmartApp
2015-07-07 19:17 - 2015-05-31 11:11 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Skype
2015-07-07 18:14 - 2015-05-27 11:42 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1956968038-1783308290-1564097226-1001
2015-07-07 17:10 - 2015-05-27 11:36 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Packages
2015-07-07 14:00 - 2015-05-27 15:25 - 00004156 _____ C:\WINDOWS\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2015-07-06 21:18 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-06 21:15 - 2015-05-27 14:51 - 00000000 ___DO C:\Users\ronak_000\OneDrive
2015-07-06 21:14 - 2015-05-27 15:38 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\stickies
2015-07-06 21:12 - 2015-05-27 16:11 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-06 21:12 - 2015-05-27 15:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-06 21:12 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-06 21:12 - 2013-08-22 10:44 - 00461232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-06 21:12 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-06 20:38 - 2015-05-27 16:20 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-06 20:38 - 2015-05-27 14:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-05 15:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-05 06:08 - 2015-05-27 13:33 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-04 20:26 - 2015-06-04 19:31 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-07-04 19:29 - 2015-05-27 19:29 - 00777728 ___SH C:\Users\ronak_000\Desktop\Thumbs.db
2015-07-04 00:54 - 2015-05-27 11:37 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Adobe
2015-07-03 17:27 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-03 17:25 - 2015-05-27 14:50 - 00000000 ____D C:\Users\ronak_000\AppData\Local\NVIDIA
2015-07-03 17:25 - 2015-05-27 14:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-03 17:18 - 2015-05-27 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-03 17:18 - 2015-05-27 15:31 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-03 17:18 - 2015-05-27 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-03 17:18 - 2015-05-27 15:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-03 17:18 - 2015-05-27 14:54 - 00000000 ____D C:\ProgramData\ClassicShell
2015-07-03 17:18 - 2015-05-27 14:37 - 00000000 ____D C:\Users\ronak_000
2015-07-03 17:18 - 2015-05-27 14:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-03 17:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-07-03 17:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\security
2015-07-03 17:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2015-07-03 17:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Help
2015-06-28 07:00 - 2015-05-27 16:24 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-28 06:59 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-06-27 22:27 - 2015-05-27 16:33 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-27 19:22 - 2015-05-27 15:19 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-27 19:22 - 2015-05-27 15:19 - 00000000 ____D C:\Program Files\CCleaner
2015-06-26 21:56 - 2015-05-27 11:41 - 00000000 ____D C:\ProgramData\EPSON
2015-06-25 00:10 - 2015-05-27 16:26 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 07:36 - 2015-05-27 16:12 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-24 07:36 - 2015-05-27 16:12 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-24 07:36 - 2015-05-27 16:12 - 01320120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-24 07:36 - 2015-05-27 16:12 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-19 23:02 - 2014-11-21 12:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 23:02 - 2014-11-21 12:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 16:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-19 05:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-19 04:39 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-19 04:37 - 2015-05-27 15:31 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-17 05:10 - 2015-05-27 16:10 - 12855416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-17 05:10 - 2015-05-27 16:10 - 02997544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-17 05:10 - 2015-05-27 16:10 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-17 05:10 - 2015-05-27 16:10 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-17 05:10 - 2015-05-27 14:35 - 00112784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-17 05:10 - 2015-05-27 14:35 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 06873232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 03492168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-17 02:48 - 2015-05-27 16:11 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-16 12:18 - 2015-05-28 08:37 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Firestorm_x64
2015-06-15 17:28 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-06-14 20:02 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-13 19:46 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-12 00:59 - 2015-05-27 14:51 - 00000000 __SHD C:\Users\ronak_000\AppData\Local\EmieUserList
2015-06-12 00:59 - 2015-05-27 14:51 - 00000000 __SHD C:\Users\ronak_000\AppData\Local\EmieSiteList
2015-06-12 00:59 - 2015-05-27 14:51 - 00000000 __SHD C:\Users\ronak_000\AppData\Local\EmieBrowserModeList
2015-06-12 00:48 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 12:58 - 2015-05-27 12:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 12:55 - 2015-05-27 12:40 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-06 03:32

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by ronak_000 at 2015-07-10 21:19:38
Running from C:\Users\ronak_000\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1956968038-1783308290-1564097226-500 - Administrator - Disabled)
Guest (S-1-5-21-1956968038-1783308290-1564097226-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1956968038-1783308290-1564097226-1005 - Limited - Enabled)
ronak_000 (S-1-5-21-1956968038-1783308290-1564097226-1001 - Administrator - Enabled) => C:\Users\ronak_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.6 build 4832 (May-29-2015) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3530 Series Printer Uninstall (HKLM\...\EPSON WF-3530 Series) (Version:  - SEIKO EPSON Corporation)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42974 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{4e154806-de7a-4300-b61e-bc0c3a4c5b43}) (Version: 4.6.42974 - Phoenix Firestorm Project Inc)
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.2.6.1130 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.53.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Skype 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SmartApp (HKLM-x32\...\{9C298C54-B5A9-4B70-943A-A8358A802F2A}) (Version: 2.0.0.36 - SmartApp)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - Bluehole Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-06-2015 20:04:58 Scheduled Checkpoint
03-07-2015 17:16:08 Restore Operation
06-07-2015 19:13:59 Installed QuickTime 7

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18D71F59-BACF-44D8-902D-B754445AA62C} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2015-07-08] (VertoAnalytics Oy)
Task: {21B1A2CE-F4C8-4F2D-94C3-F52186B49815} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {2BCB4427-7EE2-4CD7-A7A2-97E501D6425D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {2DA2A85C-4783-496F-A7F4-56ADB5974326} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {2FD0CB8B-DE16-4288-930B-E5ABCE7321D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {324BB04A-FE1D-4C51-B575-D3E39587AA7A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {3D3D9FB6-51A4-4CB3-817D-EE1EFF9E195C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {4B21DB30-B160-45F6-8A84-242278CD57AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {5185398C-AD80-4842-ACA9-DA79844914D2} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2015-07-08] ()
Task: {5A6F6ED1-70C4-47BE-AE57-210BD91372E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6806032F-A680-43D4-BA94-9E6685458CCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {7F7A5267-1094-4134-8063-07D9764133F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {8B9501B7-AC88-4ADA-A356-179609B821A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {B28D2963-980A-4531-9098-3687BF60E972} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {B52A920E-BC41-4182-A987-92CDA10E94AA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {BB8C037F-91CD-4BA3-945F-25DC5C079FA5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HERPANDORA-ronak_000 HerPandora => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {BFEC65A5-59F9-456E-AADC-9D6F6C5D9D97} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {C1E997CE-B0EE-4C52-A3C5-84683AE45689} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {D6A9A48B-ADBB-4AF3-B00F-D0AD30AB9F49} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
Task: {F4C0DF93-09CC-45E6-81F0-EB7F8A878636} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-27 16:11 - 2015-06-17 02:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-12 15:30 - 2014-12-12 15:30 - 02084352 _____ () C:\Program Files\Firestorm-Releasex64\win_crash_logger.exe
2012-10-01 23:37 - 2012-10-01 23:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-03 17:25 - 2015-06-24 07:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-04-22 15:30 - 2012-07-18 04:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ronak_000\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8157AAAA-97E1-464C-8095-B53D88FED2B4}] => (Allow) C:\Users\ronak_000\AppData\Local\Temp\7zS7181.tmp\SymNRT.exe
FirewallRules: [{93C36DC8-1835-48EB-828C-DF3CC009298A}] => (Allow) C:\Users\ronak_000\AppData\Local\Temp\7zS7181.tmp\SymNRT.exe
FirewallRules: [{5F71C5F5-590B-4F69-BCA9-781451FF1207}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{293A3CA3-18C7-4240-A3F4-39B216963234}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{99FA3A36-5042-477E-A078-F6848B238FDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1FEFFD5-CA98-4575-9F1E-29BCDBFF6474}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{757DB812-959E-46B8-A7BD-92B816FC0E0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C42B3F3-C27A-48E6-ABDF-C7CF82AB8220}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CD0471A9-5CB8-408D-86F2-BCFAF4F44951}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B0B3402-0306-4390-B46D-9C8CBE0A196B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0EF210F-6F48-47B1-8F69-28EE6A004A06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1D5AD19B-88F2-4498-B5FC-F243A4138C51}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{41E3F28F-658D-4613-ABE1-B4FB6DA316C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EBA9B518-FB18-45FC-BBD5-FE842539AF41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DFFFF74D-AF6D-4F52-9F23-544990A8C3BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E3DBC738-962D-42C3-9EFD-34F2E6E06ADD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6FDE9BC9-B129-4687-B3D1-35CBB40EAD25}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{83545A4D-2BD1-49DF-94CE-5434207AA1B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B612B8E7-BF04-4A56-8395-C59943461882}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{915066A7-52D3-40C3-9614-278514B33850}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{684E4810-14DD-48B5-93F9-259F34730CD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{F8B527F0-6443-4F85-9918-7A0DA95264F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{DBFEFB5D-0B73-4DCA-AD7C-7399AA031C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6D6AB4E9-2666-4079-A5E3-537B1173E605}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{6BE89EE2-F548-468A-A22D-F977611C683C}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{3A3AFD21-74DA-4131-9A42-0F11E74BDA90}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{6EF1885E-0BE8-42A7-81B5-8208915B5DBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{F34F1CFB-E34C-42D1-AEC6-84B1B4E502D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{594C2FB3-F001-4417-BBBC-4D3E7CC23159}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B47C1FBE-AE6E-4436-BA66-08504CABCB8A}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EB4D2FE7-3302-41F8-B8DD-442B6B26F294}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3EF304FA-0DBB-417E-8E8F-C0A394C27B4A}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{E2830D53-FC9E-41DA-9121-DC8875FDA727}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{ED298284-4BC7-4B3F-A81A-9AF75787E6FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{1CD9D04F-8E30-4EB7-AC71-12B7DD0FEC29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{3DA27597-AF3A-4CCB-9903-FF972F40A32C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{81BEE712-6FA9-4A32-A5FF-59D34375EF6A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{65BB1898-D343-4CB1-8FA0-7585817776BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DDD6ADA9-4BD4-42C0-B975-4AD298EEB2C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3F4DAF68-0603-428B-A6B8-49CFD0D2AFDC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{5B23426D-F6EF-4B7D-8AF0-BBBE5801DEAD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2015 04:25:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2704

Error: (07/10/2015 04:25:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2704

Error: (07/10/2015 04:25:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2015 03:50:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_18_0_0_194.exe, version: 18.0.0.194, time stamp: 0x55839246
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x17138d18
Faulting process id: 0x25a8
Faulting application start time: 0xFlashPlayerPlugin_18_0_0_194.exe0
Faulting application path: FlashPlayerPlugin_18_0_0_194.exe1
Faulting module path: FlashPlayerPlugin_18_0_0_194.exe2
Report Id: FlashPlayerPlugin_18_0_0_194.exe3
Faulting package full name: FlashPlayerPlugin_18_0_0_194.exe4
Faulting package-relative application ID: FlashPlayerPlugin_18_0_0_194.exe5

Error: (07/09/2015 05:06:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 70c

Start Time: 01d0b861e9bd3731

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 57151339-267e-11e5-be97-7054d29770a4

Faulting package full name:

Faulting package-relative application ID:

Error: (07/09/2015 05:06:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06
Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x261c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (07/09/2015 04:53:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x25d4
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (07/09/2015 04:48:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000142
Fault offset: 0x00000000000ec180
Faulting process id: 0x23cc
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (07/09/2015 07:25:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094

Error: (07/09/2015 07:25:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094


System errors:
=============
Error: (07/07/2015 09:14:57 PM) (Source: Schannel) (EventID: 4108) (User: HERPANDORA)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.

Error: (07/07/2015 09:14:57 PM) (Source: Schannel) (EventID: 4120) (User: HERPANDORA)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (07/06/2015 09:14:57 PM) (Source: Schannel) (EventID: 4108) (User: HERPANDORA)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.

Error: (07/06/2015 09:14:57 PM) (Source: Schannel) (EventID: 4120) (User: HERPANDORA)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (07/06/2015 09:14:57 PM) (Source: Schannel) (EventID: 4108) (User: HERPANDORA)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092012. The SSL connection request has failed. The attached data contains the server certificate.

Error: (07/06/2015 09:14:57 PM) (Source: Schannel) (EventID: 4120) (User: HERPANDORA)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (07/06/2015 04:57:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/06/2015 04:57:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/06/2015 04:57:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/06/2015 04:57:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.


Microsoft Office:
=========================
Error: (07/10/2015 04:25:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2704

Error: (07/10/2015 04:25:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2704

Error: (07/10/2015 04:25:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2015 03:50:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_18_0_0_194.exe18.0.0.19455839246unknown0.0.0.000000000c000041d17138d1825a801d0bae1edfbaa6fC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exeunknown5ec8d6ed-26d8-11e5-be97-7054d29770a4

Error: (07/09/2015 05:06:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.565970c01d0b861e9bd37314294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe57151339-267e-11e5-be97-7054d29770a4

Error: (07/09/2015 05:06:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa1261c01d0b98f77399fd8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll5778b253-267e-11e5-be97-7054d29770a4

Error: (07/09/2015 04:53:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.1741554504eb8USER32.dll6.3.9600.17736550f4336c000014200000000000ec18025d401d0ba894eb6d77cC:\WINDOWS\System32\rundll32.exeUSER32.dll8c6aedc2-267c-11e5-be97-7054d29770a4

Error: (07/09/2015 04:48:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.1741554504eb8USER32.dll6.3.9600.17736550f4336c000014200000000000ec18023cc01d0ba8893ff48afC:\WINDOWS\System32\rundll32.exeUSER32.dlld1be0f22-267b-11e5-be97-7054d29770a4

Error: (07/09/2015 07:25:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094

Error: (07/09/2015 07:25:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094


CodeIntegrity Errors:
===================================
  Date: 2015-07-08 06:51:13.617
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 18:10:40.755
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 17:26:18.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 17:26:18.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 17:26:18.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-03 03:42:52.653
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-02 23:49:12.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-02 23:49:12.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-02 23:49:12.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-02 23:49:12.309
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 10178.13 MB
Available physical RAM: 7182.87 MB
Total Virtual: 13193.7 MB
Available Virtual: 9930.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:217.21 GB) (Free:28.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.57 GB) (Free:2.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DATA STORAGE) (Fixed) (Total:931.26 GB) (Free:846.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2201E60A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B97F44D5)

Partition: GPT Partition Type.

==================== End of log ============================
 

Edited by queendom, 11 July 2015 - 10:18 AM.



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry for the delay. Could I have a fresh FRST scan, please? Also, have you changed your Google passwords?

#3
queendom


    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

Sure! Here are the new scans. I have changed most of the passwords. I'm going to update all of them again after this check.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by ronak_000 (administrator) on HERPANDORA on 16-07-2015 05:22:58
Running from C:\Users\ronak_000\Desktop
Loaded Profiles: ronak_000 (Available Profiles: ronak_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJIE.EXE
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(VertoAnalytics Oy) C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe
(Verto Analytics Inc) C:\Program Files (x86)\SmartApp\SmartApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-10-24] (Hewlett-Packard )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1065680 2015-05-29] (Carbonite, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [Spotify Web Helper] => C:\Users\ronak_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-09] (Spotify Ltd)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJIE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJIE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2015-05-27]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1956968038-1783308290-1564097226-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1956968038-1783308290-1564097226-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = http://www.amazon.co...s={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
Toolbar: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE5EC543-607A-4404-846A-D8DCA026C6FC}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: FT DeepDark - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-06-25]
FF Extension: WOT - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-06]
FF Extension: AmabayFox - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\[email protected] [2015-06-28]
FF Extension: Add to Amazon Wish List Button - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\[email protected] [2015-05-27]
FF Extension: Open in IE - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\[email protected] [2015-05-27]
FF Extension: X-notifier - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-05-27]
FF Extension: Adblock Plus - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\mlfs7mcl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-07-06]

Chrome:
=======
CHR Profile: C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27]
CHR Extension: (Yahoo Web) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-05-27]
CHR Extension: (Google Docs) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (Google Drive) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-27]
CHR Extension: (YouTube) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-27]
CHR Extension: (Google Search) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-27]
CHR Extension: (Upromise RewardU Toolbar) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc [2015-05-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-05-27]
CHR Extension: (Google Sheets) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (AdBlock) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-27]
CHR Extension: (Screenwise Trends Panel) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2015-05-27]
CHR Extension: (Rating Program Extension) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbankdmoclhcdmdejkklikkpaidaeij [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-27]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-06-28]
CHR Extension: (Gmail) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-30] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-05-27] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-27] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [55128 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 05:08 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-16 05:08 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-16 05:08 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-16 05:08 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-16 05:08 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-16 05:08 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-16 05:08 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-16 05:08 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-16 05:08 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-16 05:08 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-16 05:08 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-16 05:08 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-16 05:08 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-16 05:08 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-16 05:08 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-16 05:08 - 2015-06-29 11:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-16 05:08 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-16 05:08 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-16 05:08 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-16 05:08 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-16 05:08 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-16 05:08 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-16 05:08 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-16 05:08 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-16 03:12 - 2015-07-03 09:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-16 03:12 - 2015-07-03 09:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-16 03:12 - 2015-07-03 09:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-16 03:12 - 2015-07-03 09:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-15 23:08 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 23:08 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 23:08 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 23:08 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 23:08 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 23:08 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 23:08 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 23:08 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 23:08 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 23:03 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 23:03 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 23:03 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 23:03 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 23:03 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 23:03 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 23:03 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 23:03 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 23:03 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 23:03 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 23:03 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 23:03 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 23:03 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 23:03 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 23:03 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 22:52 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 22:52 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 22:52 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 22:45 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 22:45 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 22:44 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 22:44 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 22:44 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 22:44 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 22:44 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 22:44 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 22:44 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 22:44 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 22:44 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 22:44 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 22:44 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 22:44 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 22:44 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 22:44 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 22:44 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 22:44 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 22:44 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 22:44 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 22:44 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 22:44 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 22:44 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 22:44 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 22:44 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 22:44 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 22:44 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 22:44 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 22:44 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 22:44 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 22:44 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 22:44 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 22:44 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 22:44 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 22:44 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 22:44 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 22:44 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 22:44 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 22:44 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 22:44 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 22:44 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 22:44 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 22:44 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 22:42 - 2015-07-16 05:23 - 00022799 _____ C:\Users\ronak_000\Desktop\FRST.txt
2015-07-15 22:42 - 2015-07-15 22:42 - 00034135 _____ C:\Users\ronak_000\Desktop\Addition.txt
2015-07-15 22:41 - 2015-07-15 22:41 - 00000000 ____D C:\Users\ronak_000\Desktop\FRST-OlderVersion
2015-07-15 22:37 - 2015-07-16 05:22 - 00653279 ____N C:\WINDOWS\WindowsUpdate.log
2015-07-15 22:34 - 2015-07-15 22:34 - 00000000 ____D C:\Users\ronak_000\AppData\Local\CEF
2015-07-15 22:31 - 2015-07-15 22:34 - 00000000 ____D C:\Users\ronak_000\Desktop\Fix
2015-07-10 21:18 - 2015-07-16 05:23 - 00000000 ____D C:\FRST
2015-07-10 21:18 - 2015-07-15 22:41 - 02133504 _____ (Farbar) C:\Users\ronak_000\Desktop\FRST64.exe
2015-07-07 17:07 - 2015-07-15 22:32 - 00000000 ____D C:\Users\ronak_000\Desktop\sapyoumightfindthisinteresting
2015-07-07 14:00 - 2015-07-07 14:00 - 00002154 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-07-07 14:00 - 2015-07-07 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2015-07-06 21:14 - 2015-07-06 21:14 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Apple Computer
2015-07-06 20:48 - 2015-07-06 20:48 - 00000000 ____D C:\Program Files (x86)\Hp
2015-07-06 20:39 - 2015-07-06 20:39 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-07-06 20:39 - 2015-07-06 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-07-06 20:39 - 2015-07-06 20:39 - 00000000 ____D C:\ProgramData\Logishrd
2015-07-06 20:39 - 2015-07-06 20:39 - 00000000 ____D C:\Program Files\Logitech
2015-07-06 20:39 - 2015-06-17 02:03 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-07-06 20:38 - 2015-07-06 20:39 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2015-07-06 20:38 - 2015-06-17 05:10 - 42729104 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 30481552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 22947144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 16145200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 15866992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 15224784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 14497520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 13263056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 11831856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 11011216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-07-06 20:38 - 2015-06-17 05:10 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 02599752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435330.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435330.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01099992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01060168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 01050768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00975176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00938752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00408392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-07-06 20:38 - 2015-06-17 05:10 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-07-06 20:38 - 2015-06-17 05:10 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-07-06 20:09 - 2015-07-06 20:09 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Apple Computer
2015-07-06 19:14 - 2015-07-06 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-06 19:14 - 2015-07-06 19:14 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-06 19:14 - 2015-07-06 19:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-06 19:13 - 2015-07-06 19:13 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Logitech
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Logishrd
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Apple
2015-07-06 19:13 - 2015-07-06 19:13 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-07-06 19:11 - 2015-07-06 19:11 - 01976358 _____ C:\Users\ronak_000\Desktop\call_16-49-43_IN_+17064942609.AMR
2015-07-06 17:59 - 2015-07-06 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 00:21 - 2015-07-03 00:21 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\NVIDIA
2015-07-03 00:14 - 2015-06-17 05:10 - 17724600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-07-03 00:14 - 2015-06-17 05:10 - 03395648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-07-03 00:01 - 2015-07-15 22:33 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\TeamViewer
2015-07-02 23:46 - 2015-07-06 20:54 - 00000000 ____D C:\Users\ronak_000\AppData\Local\LogMeIn Rescue Applet
2015-07-02 23:39 - 2015-07-03 17:18 - 00000000 ____D C:\Users\ronak_000\Desktop\To Do
2015-06-28 00:04 - 2015-06-28 00:04 - 00000000 ____D C:\Users\ronak_000\AppData\Local\TERA
2015-06-20 20:30 - 2015-06-20 20:30 - 18461219 _____ C:\Users\ronak_000\Desktop\Attachments_2015620.zip
2015-06-19 05:59 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-06-19 05:59 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-06-19 05:59 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-06-19 05:59 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-06-19 05:41 - 2015-05-01 19:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-19 05:41 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-06-19 05:41 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-06-19 05:41 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-06-19 05:14 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-06-19 05:14 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-06-19 05:14 - 2015-04-30 21:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-06-19 05:14 - 2015-04-30 21:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-06-19 05:14 - 2015-04-30 21:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-06-19 05:14 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-19 05:14 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-19 05:00 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-19 05:00 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-06-19 05:00 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-19 05:00 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-06-19 05:00 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-06-19 05:00 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-06-19 05:00 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-06-19 05:00 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-19 05:00 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-19 04:45 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-19 04:45 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-19 04:45 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-19 04:45 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-19 04:41 - 2015-06-19 04:41 - 00000000 ____D C:\Users\ronak_000\AppData\Local\GWX
2015-06-19 04:37 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-06-19 04:37 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-19 04:37 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-19 04:37 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-19 04:37 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-19 04:37 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-19 04:37 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-06-19 03:30 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-06-19 03:30 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-06-19 03:30 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-06-19 03:30 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-06-19 03:30 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-19 03:30 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-19 03:30 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-19 03:30 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-19 03:30 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-19 03:30 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-19 03:30 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-19 03:30 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-19 03:30 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-19 03:30 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-19 03:30 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-19 03:30 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-19 03:30 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTime.qts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 05:21 - 2015-05-27 15:47 - 00004982 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HERPANDORA-ronak_000 HerPandora
2015-07-16 05:17 - 2015-05-27 15:01 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 05:15 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-16 05:14 - 2015-05-27 14:55 - 00000000 ____D C:\Users\ronak_000\AppData\Local\ClassicShell
2015-07-16 05:10 - 2015-06-05 10:55 - 00003338 _____ C:\WINDOWS\System32\Tasks\SmartAppMonitor
2015-07-16 05:10 - 2015-05-27 15:38 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\stickies
2015-07-16 05:10 - 2015-05-27 15:18 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 05:10 - 2015-05-27 15:01 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 05:10 - 2015-05-27 14:51 - 00000000 ___DO C:\Users\ronak_000\OneDrive
2015-07-16 05:09 - 2015-05-27 16:11 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-16 05:09 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-16 05:08 - 2015-06-14 20:02 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-16 05:08 - 2015-06-02 10:00 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Spotify
2015-07-16 05:08 - 2015-05-27 15:31 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-16 05:08 - 2015-05-27 15:31 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-16 05:08 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-16 05:08 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-16 05:08 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-16 05:06 - 2015-05-27 12:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-16 05:01 - 2015-06-02 10:00 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Spotify
2015-07-16 05:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-16 04:53 - 2013-08-22 10:44 - 00461232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-16 04:52 - 2015-06-05 10:55 - 00004104 _____ C:\WINDOWS\System32\Tasks\SmartAppLiveUpdater
2015-07-15 23:41 - 2015-05-27 11:37 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B58D2DC0-5384-4315-9E71-00C3983E739A}
2015-07-15 23:20 - 2015-05-27 11:42 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1956968038-1783308290-1564097226-1001
2015-07-15 22:33 - 2015-05-27 16:24 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-15 22:29 - 2015-05-27 16:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-15 21:23 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-07-15 20:53 - 2015-05-27 16:26 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 20:40 - 2015-05-27 19:29 - 00847872 ___SH C:\Users\ronak_000\Desktop\Thumbs.db
2015-07-15 18:12 - 2015-05-27 15:01 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 18:12 - 2015-05-27 15:01 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 22:46 - 2015-05-27 16:20 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-14 21:26 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-14 21:13 - 2015-05-27 14:37 - 00000000 ____D C:\Users\ronak_000
2015-07-14 07:31 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-13 17:10 - 2014-11-21 12:03 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2014-11-21 12:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 06:55 - 2015-06-04 19:31 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-08 06:49 - 2015-06-05 10:55 - 00000000 ____D C:\Program Files (x86)\SmartApp
2015-07-07 19:17 - 2015-05-31 11:11 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Skype
2015-07-07 17:10 - 2015-05-27 11:36 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Packages
2015-07-07 14:00 - 2015-05-27 15:25 - 00004156 _____ C:\WINDOWS\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2015-07-06 21:12 - 2015-05-27 15:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-06 20:38 - 2015-05-27 14:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-05 06:08 - 2015-05-27 13:33 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-04 20:26 - 2015-06-04 19:31 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-07-04 00:54 - 2015-05-27 11:37 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Adobe
2015-07-03 17:25 - 2015-05-27 14:50 - 00000000 ____D C:\Users\ronak_000\AppData\Local\NVIDIA
2015-07-03 17:25 - 2015-05-27 14:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-03 17:18 - 2015-05-27 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-03 17:18 - 2015-05-27 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-03 17:18 - 2015-05-27 15:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-03 17:18 - 2015-05-27 14:54 - 00000000 ____D C:\ProgramData\ClassicShell
2015-07-03 17:18 - 2015-05-27 14:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-03 17:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-07-03 17:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\security
2015-07-03 17:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2015-07-03 17:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Help
2015-07-03 08:43 - 2015-05-27 12:40 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-28 06:59 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-06-27 22:27 - 2015-05-27 16:33 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-27 19:22 - 2015-05-27 15:19 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-27 19:22 - 2015-05-27 15:19 - 00000000 ____D C:\Program Files\CCleaner
2015-06-26 21:56 - 2015-05-27 11:41 - 00000000 ____D C:\ProgramData\EPSON
2015-06-24 07:36 - 2015-05-27 16:12 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-24 07:36 - 2015-05-27 16:12 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-24 07:36 - 2015-05-27 16:12 - 01320120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-24 07:36 - 2015-05-27 16:12 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-19 16:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-19 05:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-19 04:39 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-17 05:10 - 2015-05-27 16:10 - 12855416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-17 05:10 - 2015-05-27 16:10 - 02997544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-17 05:10 - 2015-05-27 16:10 - 01567576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-17 05:10 - 2015-05-27 16:10 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-17 05:10 - 2015-05-27 14:35 - 00112784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-17 05:10 - 2015-05-27 14:35 - 00105288 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 06873232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 03492168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-17 02:48 - 2015-05-27 16:11 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-17 02:48 - 2015-05-27 16:11 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-16 12:18 - 2015-05-28 08:37 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Firestorm_x64

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-06 03:32

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by ronak_000 at 2015-07-16 05:23:19
Running from C:\Users\ronak_000\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1956968038-1783308290-1564097226-500 - Administrator - Disabled)
Guest (S-1-5-21-1956968038-1783308290-1564097226-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1956968038-1783308290-1564097226-1005 - Limited - Enabled)
ronak_000 (S-1-5-21-1956968038-1783308290-1564097226-1001 - Administrator - Enabled) => C:\Users\ronak_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.6 build 4832 (May-29-2015) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3530 Series Printer Uninstall (HKLM\...\EPSON WF-3530 Series) (Version:  - SEIKO EPSON Corporation)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Firestorm SecondLife and OpenSim viewer (Version: 4.6.42974 - Phoenix Viewer Project) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{4e154806-de7a-4300-b61e-bc0c3a4c5b43}) (Version: 4.6.42974 - Phoenix Firestorm Project Inc)
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6429.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.2.6.1130 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.53.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SmartApp (HKLM-x32\...\{9C298C54-B5A9-4B70-943A-A8358A802F2A}) (Version: 2.0.0.36 - SmartApp)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - Bluehole Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-06-2015 20:04:58 Scheduled Checkpoint
03-07-2015 17:16:08 Restore Operation
06-07-2015 19:13:59 Installed QuickTime 7
14-07-2015 02:07:55 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18D71F59-BACF-44D8-902D-B754445AA62C} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2015-07-08] (VertoAnalytics Oy)
Task: {21B1A2CE-F4C8-4F2D-94C3-F52186B49815} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {2BCB4427-7EE2-4CD7-A7A2-97E501D6425D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {2DA2A85C-4783-496F-A7F4-56ADB5974326} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {2FD0CB8B-DE16-4288-930B-E5ABCE7321D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {324BB04A-FE1D-4C51-B575-D3E39587AA7A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {3D3D9FB6-51A4-4CB3-817D-EE1EFF9E195C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {4B21DB30-B160-45F6-8A84-242278CD57AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {5185398C-AD80-4842-ACA9-DA79844914D2} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2015-07-08] ()
Task: {5A6F6ED1-70C4-47BE-AE57-210BD91372E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5BF37623-41AC-402C-A262-C343ED672C68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {6806032F-A680-43D4-BA94-9E6685458CCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {7F7A5267-1094-4134-8063-07D9764133F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {8B9501B7-AC88-4ADA-A356-179609B821A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {B28D2963-980A-4531-9098-3687BF60E972} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {BB8C037F-91CD-4BA3-945F-25DC5C079FA5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HERPANDORA-ronak_000 HerPandora => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {C1E997CE-B0EE-4C52-A3C5-84683AE45689} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {D6A9A48B-ADBB-4AF3-B00F-D0AD30AB9F49} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
Task: {F4C0DF93-09CC-45E6-81F0-EB7F8A878636} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {FCB80B18-7A1F-46B9-B2AA-9FBE67075261} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-27 16:11 - 2015-06-17 02:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-01 23:37 - 2012-10-01 23:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-03 17:25 - 2015-06-24 07:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-04-22 15:30 - 2012-07-18 04:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ronak_000\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8157AAAA-97E1-464C-8095-B53D88FED2B4}] => (Allow) C:\Users\ronak_000\AppData\Local\Temp\7zS7181.tmp\SymNRT.exe
FirewallRules: [{93C36DC8-1835-48EB-828C-DF3CC009298A}] => (Allow) C:\Users\ronak_000\AppData\Local\Temp\7zS7181.tmp\SymNRT.exe
FirewallRules: [{5F71C5F5-590B-4F69-BCA9-781451FF1207}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{293A3CA3-18C7-4240-A3F4-39B216963234}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{99FA3A36-5042-477E-A078-F6848B238FDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1FEFFD5-CA98-4575-9F1E-29BCDBFF6474}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{757DB812-959E-46B8-A7BD-92B816FC0E0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C42B3F3-C27A-48E6-ABDF-C7CF82AB8220}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CD0471A9-5CB8-408D-86F2-BCFAF4F44951}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B0B3402-0306-4390-B46D-9C8CBE0A196B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0EF210F-6F48-47B1-8F69-28EE6A004A06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1D5AD19B-88F2-4498-B5FC-F243A4138C51}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{41E3F28F-658D-4613-ABE1-B4FB6DA316C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EBA9B518-FB18-45FC-BBD5-FE842539AF41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DFFFF74D-AF6D-4F52-9F23-544990A8C3BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E3DBC738-962D-42C3-9EFD-34F2E6E06ADD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6FDE9BC9-B129-4687-B3D1-35CBB40EAD25}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{83545A4D-2BD1-49DF-94CE-5434207AA1B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B612B8E7-BF04-4A56-8395-C59943461882}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{915066A7-52D3-40C3-9614-278514B33850}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{684E4810-14DD-48B5-93F9-259F34730CD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{F8B527F0-6443-4F85-9918-7A0DA95264F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{DBFEFB5D-0B73-4DCA-AD7C-7399AA031C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6D6AB4E9-2666-4079-A5E3-537B1173E605}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{6BE89EE2-F548-468A-A22D-F977611C683C}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{3A3AFD21-74DA-4131-9A42-0F11E74BDA90}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{6EF1885E-0BE8-42A7-81B5-8208915B5DBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{F34F1CFB-E34C-42D1-AEC6-84B1B4E502D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{594C2FB3-F001-4417-BBBC-4D3E7CC23159}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B47C1FBE-AE6E-4436-BA66-08504CABCB8A}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EB4D2FE7-3302-41F8-B8DD-442B6B26F294}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3EF304FA-0DBB-417E-8E8F-C0A394C27B4A}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{E2830D53-FC9E-41DA-9121-DC8875FDA727}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{ED298284-4BC7-4B3F-A81A-9AF75787E6FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{1CD9D04F-8E30-4EB7-AC71-12B7DD0FEC29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{3DA27597-AF3A-4CCB-9903-FF972F40A32C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{81BEE712-6FA9-4A32-A5FF-59D34375EF6A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{65BB1898-D343-4CB1-8FA0-7585817776BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DDD6ADA9-4BD4-42C0-B975-4AD298EEB2C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3F4DAF68-0603-428B-A6B8-49CFD0D2AFDC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{74AB7CFE-17E8-4822-A1D3-F9A2ABBE6053}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2015 05:08:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERPANDORA)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/16/2015 05:08:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERPANDORA)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/16/2015 04:56:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERPANDORA)
Description: Activation of app DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/15/2015 08:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2265

Error: (07/15/2015 08:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2265

Error: (07/15/2015 08:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2015 10:12:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219

Error: (07/14/2015 10:12:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1219

Error: (07/14/2015 10:12:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2015 08:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2437


System errors:
=============
Error: (07/16/2015 05:08:32 AM) (Source: DCOM) (EventID: 10010) (User: HERPANDORA)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/16/2015 05:08:32 AM) (Source: DCOM) (EventID: 10010) (User: HERPANDORA)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/16/2015 05:08:29 AM) (Source: DCOM) (EventID: 10010) (User: HERPANDORA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (07/16/2015 05:08:29 AM) (Source: DCOM) (EventID: 10010) (User: HERPANDORA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (07/15/2015 11:09:18 PM) (Source: DCOM) (EventID: 10010) (User: HERPANDORA)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/15/2015 11:09:18 PM) (Source: DCOM) (EventID: 10010) (User: HERPANDORA)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/15/2015 11:03:35 PM) (Source: DCOM) (EventID: 10010) (User: HERPANDORA)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/15/2015 11:03:35 PM) (Source: DCOM) (EventID: 10010) (User: HERPANDORA)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/15/2015 10:54:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (07/15/2015 10:53:54 PM) (Source: DCOM) (EventID: 10010) (User: HERPANDORA)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office:
=========================
Error: (07/16/2015 05:08:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERPANDORA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (07/16/2015 05:08:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERPANDORA)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (07/16/2015 04:56:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HERPANDORA)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default-2144927148

Error: (07/15/2015 08:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2265

Error: (07/15/2015 08:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2265

Error: (07/15/2015 08:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2015 10:12:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219

Error: (07/14/2015 10:12:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1219

Error: (07/14/2015 10:12:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2015 08:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2437


CodeIntegrity Errors:
===================================
  Date: 2015-07-15 23:22:50.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-15 23:22:50.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-15 23:22:50.476
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-15 23:22:50.363
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-15 23:22:50.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-15 23:22:50.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-15 23:22:50.061
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-15 23:22:49.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-15 23:22:49.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-15 23:22:49.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 10178.13 MB
Available physical RAM: 8138.95 MB
Total Virtual: 10578.13 MB
Available Virtual: 8467.03 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:217.21 GB) (Free:6.33 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.57 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (DATA STORAGE) (Fixed) (Total:931.26 GB) (Free:849.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2201E60A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B97F44D5)

Partition: GPT Partition Type.

==================== End of log ============================


Edited by queendom, 16 July 2015 - 03:27 AM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a great deal showing, so the online element of Google may have been hacked. But I will run some deep scans to be sure.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ProxyEnable: [S-1-5-21-1956968038-1783308290-1564097226-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1956968038-1783308290-1564097226-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
CHR Extension: (Upromise RewardU Toolbar) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc [2015-05-27]
2015-07-07 14:00 - 2015-05-27 15:25 - 00004156 _____ C:\WINDOWS\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.


On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#5
queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

Forgot to mention that the email that I received from the customer was to a non-Gmail account. That address is also in the e-mail notification Firefox add-on. (Have used that program for several years without any problems.)
 

More strange occurrences today..

1. A few of my Gmail accounts were flagged for suspicious logins again.

2. A major online retailer that I frequently shop at sent me several back-to-back emails regarding "forgot my password" requests. Of course, I didn't click anything, but the emails look legitimate.

 

I'm encrypting and resetting my mobile devices, as well as changing all of my account passwords.

 

Thanks so much for your help!!


Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by ronak_000 at 2015-07-16 17:39:27 Run:1
Running from C:\Users\ronak_000\Desktop
Loaded Profiles: ronak_000 (Available Profiles: ronak_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ProxyEnable: [S-1-5-21-1956968038-1783308290-1564097226-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1956968038-1783308290-1564097226-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
CHR Extension: (Upromise RewardU Toolbar) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc [2015-05-27]
2015-07-07 14:00 - 2015-05-27 15:25 - 00004156 _____ C:\WINDOWS\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc => moved successfully.
C:\WINDOWS\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {927EB9E4-45A0-4920-AAF0-88A15A0BAACB}.
Unable to cancel {C325A1C1-351F-44E5-999C-68D821AD7B1D}.
Unable to cancel {5A69E22A-F68E-4B12-B86D-D4B18002455E}.
0 out of 3 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 44.3 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 17:39:37 ====


# AdwCleaner v4.208 - Logfile created 16/07/2015 at 18:16:54
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : ronak_000 - HERPANDORA
# Running from : C:\Users\ronak_000\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
File Deleted : C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:64550;hxxps=127.0.0.1:64550
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.134

[C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2451 bytes] - [16/07/2015 17:47:32]
AdwCleaner[R1].txt - [2510 bytes] - [16/07/2015 18:16:30]
AdwCleaner[S0].txt - [2245 bytes] - [16/07/2015 18:16:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2304  bytes] ##########

 

 

 

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-17 01:19:50
-----------------------------
01:19:50.373    OS Version: Windows x64 6.2.9200
01:19:50.373    Number of processors: 8 586 0x3A09
01:19:50.374    ComputerName: HERPANDORA  UserName: ronak_000
01:19:50.948    Initialize success
01:19:51.033    VM: initialized successfully
01:19:51.033    VM: Intel CPU BiosDisabled
01:20:12.981    AVAST engine defs: 15071603
01:21:02.888    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000030
01:21:02.890    Disk 0 Vendor: MTFDDAK256MAM-1K1 040H Size: 244198MB BusType: 11
01:21:02.891    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000031
01:21:02.893    Disk 1 Vendor: WDC_WD10EZEX-60ZF5A0 80.00A80 Size: 953869MB BusType: 11
01:21:02.901    Disk 0 MBR read successfully
01:21:02.903    Disk 0 MBR scan
01:21:02.909    Disk 0 unknown MBR code
01:21:02.911    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
01:21:02.936    Disk 0 scanning C:\WINDOWS\system32\drivers
01:21:08.051    Service scanning
01:21:23.775    Modules scanning
01:21:23.785    Disk 0 trace - called modules:
01:21:23.793    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
01:21:23.800    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001f589a060]
01:21:23.806    3 CLASSPNP.SYS[fffff800edd6b170] -> nt!IofCallDriver -> [0xffffe001f37608d0]
01:21:23.811    5 ACPI.sys[fffff800ed803c21] -> nt!IofCallDriver -> \Device\00000030[0xffffe001f37617f0]
01:21:25.096    AVAST engine scan C:\WINDOWS
01:21:25.834    AVAST engine scan C:\WINDOWS\system32
01:22:57.873    AVAST engine scan C:\WINDOWS\system32\drivers
01:23:04.031    AVAST engine scan C:\Users\ronak_000
01:27:56.896    AVAST engine scan C:\ProgramData
01:28:53.329    Disk 0 statistics 4295293/0/0 @ 17.26 MB/s
01:28:53.333    Scan finished successfully
01:29:35.703    Disk 0 MBR has been saved successfully to "C:\Users\ronak_000\Desktop\MBR.dat"
01:29:35.706    The log file has been saved successfully to "C:\Users\ronak_000\Desktop\aswMBR.txt"



#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the next step will be to check the other parts of your system.

Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon
When the tool opens select "File" > "Standard scripts"

Place a tick in :

5. Update signature database

Then press "Execute selected scripts"

Once that has executed, then
select "File" > "Standard scripts"
Place a tick in :

3. Advanced System Analysis with malware removal mode enabled

When finished look in the folder AVZ4 on your desktop
Open the LOG folder
Attach virusinfo_syscure to your next post

#7
queendom

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

All done. Log attached.



#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Could you attach it please :)



#9
queendom

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

Lol oops! Sorry. Here you go.

:geek:

Attached Files



#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Again, another clean sheet showing there. I have one further scan that we can try. This will require a USB stick, as it works outside of Windows. If this finds nothing, then my assessment would be that you are clean and someone is just trying to brute-force hack your data online.

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you'd like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • Press select objects for scanning
  • When the system is loaded, check the disks or folders you want to scan, and click on Start.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • When it has completed
  • Select Open Report and copy to the USB
  • Once completed reboot to normal windows, and attach the report here

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.



#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#13
queendom

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts

I went into the advanced startup and UEFI settings to change the boot order. The first three options are all for the computer to boot from USB. However, it just boots to the desktop as normal. I also enabled the option to reformat the USB before installing. Any other special steps I should take to boot to USB?

Attached Thumbnails

  • 20150722_180819.jpg
  • 20150722_181747.jpg

Edited by queendom, 22 July 2015 - 04:21 PM.


#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you try it this way? https://askleo.com/h...b_in_windows_8/

#15
queendom

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Yes, I tried that way and it took me to the screen in the first screenshot. I moved the USB option to the first slot but it still boots to desktop.