Computer freezes right after boot [Solved]



#16
rajagopal (Member, Topic Starter, 97 posts)

My computer froze once today 10 mins after the boot. Microsoft Security Essentials was turned off then (I turned it off for my ESET scan and forgot to turn it back on). I restarted and turned on Microsoft Security Essentials. I did not see any freezing after that. I also installed the latest Malwarebytes Anti-Malware. Is another scan necessary?

I have Microsoft Security Essentials (turned on), Windows Defender (turned off), McAfee antivirus, ZoneAlarm for firewall and Malwarebytes Anti-Malware. Hopefully I don't have too many of these defenses that can freeze my computer :)


  • 0



#17
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,008 posts)

I have Microsoft Security Essentials (turned on), Windows Defender (turned off), McAfee antivirus, ZoneAlarm for firewall and Malwarebytes Anti-Malware.

You will most likely have a conflict going on there.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You may end up with little or no protection.

If it were me I would uninstall Zone Alarm. In the past ZoneAlarm caused a lot of problems on computers. Often when users came for help it would turn out that the real problem was compatibility issues with ZoneAlarm. It was very buggy, bloated and brought foistware with it.

And this:

http://news.softpedi...bar-74214.shtml

There was a questionable program, ZoneAlarm Spy Blocker, that ZoneAlarm installed as an option; it used the Ask.com search engine. This use of the Ask search engine is included without the user's prior acceptance. In other words it is foistware.

For what it's worth here are my thoughts on anti-virus and firewall programs.

Most of the well known anti-virus products are good. Some perform better in some aspects than others but if you were to look at the overall picture they are mostly good.

Sometimes one will be on top of the pops one month and another on another month. Of course there are some rogue programs out there too that you must steer clear of because they bring infection with them.

Some of the free ones are good but you do not get the full service. The sound "pay for products" out there have packages which include anti-spyware, anti-phishing, firewalls and adware blocking so you get the whole lot in one go.

This link will take you to an independent site showing comparatives for Anti-virus products. Look at comparatives with caution because one month a program may do well and in another not so well.

http://www.av-comparatives.org/

All of the ones shown there are good products. Sometimes it comes down to your personal taste. In other words you like a particular product because to you it is user friendly or looks good.

Ones I personally like at the moment are Avast, Avira, ESET and Kaspersky but that is only a personal preference and my preferences do change as products undergo improvement.

Of the free ones, I recommend Avast, Avira and MSE. I believe they are all good, although it does seem as though Avast have recently made some policy changes about adding revenue gathering opportunities; however, this may have changed since last time I looked.

If you are looking at free products such as Avast I would look at having an anti-spyware product as well (say the free versions of Malwarebytes or SuperAntiSpyware) and update and run it once a week.

Note: Currently SuperAntiSpyware will install foistware along with the program. Last time I looked it was Google Chrome Browser at installation. This is fine if you use Chrome but not so good if you don't. It will sometimes do this even if you use Custom Install and uncheck Chrome (at least on my machine) so if unchecking Chrome in the Custom Install doesn't work then remember to uninstall Chrome afterwards (unless of course you want it).

Microsoft Security Essentials together with Windows Firewall (which comes with Windows) is probably a good choice for the run of the mill user. This is because it is light on resources, it is unobtrusive (it works away in the background without interrupting) and you don't have to be an expert. Firewalls have a habit of flagging suspicious files and asking the user to decide whether to accept the file or not. Often the run of the mill user has no idea about what a particular file does and just says no to everything... down the track they wonder why programs they use regularly suddenly stop working or maybe they try and download something they frequently downloaded in the past but now find they can't.
 
Here are three good, free for personal use antivirus programs :



Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.


If you were thinking about registry cleaners, they are notorious for causing problems on people's computers. Often the problem doesn't appear until well down the track. A small change to the registry can go unnoticed until one day you call on that function and find it won't work anymore or alternatively an associated utility doesn't work properly.

As far as other optimising programs are concerned I do not recommend them. They almost always cause more problems than they are worth.

If you do have an issue with some aspect of your machine's performance then I would recommend its own tools (System File Checker, Chkdsk) or you could try Windows Repair (All In One) from here.

It will allow you to repair common issues with your computer such as firewall, file permission, and Windows Update problems. When using this tool you can select the particular fixes you would like to launch and start the repair process.
 
  • 0
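
The point in post #17 about two or more real-time monitors running at once can be checked on the machine itself. The PowerShell below is an added example, not part of the original thread: it lists the products registered with Windows Security Center and warns when more than one of a kind reports itself enabled. The function name is hypothetical, and reading bit 0x1000 of productState as "enabled" is the commonly used community interpretation, not a format Microsoft publishes, so treat it as an assumption.

```powershell
# Added example: enumerate security products registered with Windows Security Center.
# Get-WmiObject is used so the script also runs on the PowerShell 2.0 shipped with Windows 7.

function Get-RegisteredSecurityProduct {   # hypothetical helper name
    param(
        [string[]]$Class = @('AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct')
    )

    foreach ($c in $Class) {
        # root\SecurityCenter2 exists on client editions of Windows (Vista and later).
        $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $c -ErrorAction SilentlyContinue

        foreach ($p in $items) {
            $state = [int]$p.productState

            New-Object PSObject -Property @{
                Kind    = $c
                Name    = $p.displayName
                # Assumption: bit 0x1000 set means the product reports itself as switched on.
                Enabled = (($state -band 0x1000) -ne 0)
                State   = ('0x{0:X6}' -f $state)
                Path    = $p.pathToSignedProductExe
            }
        }
    }
}

$products = @(Get-RegisteredSecurityProduct)

# Full inventory, including products that are installed but switched off.
$products | Sort-Object Kind, Name | Format-Table Kind, Name, Enabled, State, Path -AutoSize

# Flag each kind (antivirus, anti-spyware, firewall) with more than one enabled product.
$products |
    Where-Object { $_.Enabled } |
    Group-Object Kind |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.Name }) -join ', '
        Write-Warning ("{0} enabled products registered as {1}: {2}" -f $_.Count, $_.Name, $names)
    }
```

A product can register under more than one kind, and an entry can linger after an incomplete uninstall, so confirm any warning against the installed programs list before removing anything.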

#18
rajagopal (Member, Topic Starter, 97 posts)

Ok. Yesterday after one occurrence of this problem, the next normal boot worked fine. Today, I gave myself some time to see if I could reproduce the original problem, and it was reproducible multiple times. Two times my machine hung right after boot and once it was not able to boot at all.

 

I will follow the steps you mentioned and will update here. Sorry about the delay, I had to be off from my desk for quite a bit of time today. Thank you very much for your help.


  • 0

#19
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,008 posts)

:thumbsup:


  • 0

#20
rajagopal (Member, Topic Starter, 97 posts)

I have uninstalled ZoneAlarm, McAfee Security Scan Plus and Norton Safe Web Lite from Control Panel in safe mode. My computer did freeze multiple times while I was trying to uninstall these. But finally I was able to get through the uninstallation. I will give myself more time today to see if uninstalling these has fixed my problem. I will keep you posted.


  • 0

#21
emeraldnzl (GeekU Instructor, GeekU Moderator, 20,008 posts)

If it doesn't fix the problem run a scan with FRST with the Addition.txt box ticked and post back the two logs it generates, FRST.txt and Addition.txt.

 

Download Farbar Recovery Scan Tool from here. Make sure you save it to your desktop. :)
 


  • 0

#22
rajagopal (Member, Topic Starter, 97 posts)

Ok. Freezing still happens after uninstallation of those programs. I did the scan using FRST in "safe mode with networking" and pasted the logs here. Please see below:

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by Rajagopal Kumar (administrator) on RAJAGOPALKUMAR (30-08-2015 17:03:33)
Running from C:\Users\Rajagopal Kumar\Desktop
Loaded Profiles: Rajagopal Kumar (Available Profiles: Rajagopal Kumar & rajagopal ravikumar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [908320 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231264 2009-09-02] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2104104 2010-03-18] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Lenovo\LenovoSecuritySolution FP\launcher.exe [84744 2010-03-29] (UPEK Inc.)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4448704 2010-03-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056832 2010-03-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [HPRAService] => C:\Program Files\RA2HP\HPRAService.exe [126464 2010-04-01] (Hewlett-Packard Company)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167008 2009-11-11] (CyberLink Corp.)
HKLM-x32\...\Run: [JunosPulse] => c:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2522672 2014-04-09] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\Run: [Google Update] => C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21416 2012-03-01] ()
HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [943504 2012-02-03] (Samsung)
HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\Run: [cdloader] => C:\Users\Rajagopal Kumar\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [24055464 2015-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Lenovo\LenovoSecuritySolution FP\farchns.dll [2010-03-29] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Lenovo\LenovoSecuritySolution FP\farchns.dll [2010-03-29] (UPEK Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2010-09-08] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2015-05-24]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-05-24]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Rajagopal Kumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012-09-03]
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{208ACD85-A8F0-4656-B58A-97E1243B787F}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{38DED0E4-DCFB-40F3-BE6A-B632F1CBC7B6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9078A1CE-17DD-49B7-90E1-13FEF8584260}: [NameServer] 16.110.135.51,16.110.135.52
Tcpip\..\Interfaces\{982B7804-FBA3-42FB-817E-8FF9DC05C9DA}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000 - (No Name) - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No File
SearchScopes: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000 -> {9794102D-EC13-4B5D-88BA-910F6462872C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: KeyScramblerBHO Class -> {2B9F5787-88A5-4945-90E7-C4B18563BC5E} -> C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll [2012-06-07] (QFX Software Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-03] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-03] (Oracle Corporation)
BHO-x32: KeyScramblerBHO Class -> {2B9F5787-88A5-4945-90E7-C4B18563BC5E} -> C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll [2012-09-03] (QFX Software Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\u8k2wabt.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\windows\system32\npDeployJava1.dll [2012-09-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-09-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-19] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-04-11] ( )
FF Plugin-x32: @rooms.hp.com -> C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll [2012-10-10] ( )
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [2011-06-01] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2180650751-2005149398-3877183700-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Rajagopal Kumar\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-2180650751-2005149398-3877183700-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2012-07-17] (Google)
FF Plugin HKU\S-1-5-21-2180650751-2005149398-3877183700-1000: @talk.google.com/O3DPlugin -> C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2012-07-17] ()
FF Plugin HKU\S-1-5-21-2180650751-2005149398-3877183700-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2180650751-2005149398-3877183700-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2180650751-2005149398-3877183700-1000: SkypeForBusinessPlugin-15.8 -> C:\Users\Rajagopal Kumar\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.351\npGatewayNpapi.dll [2015-03-13] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2180650751-2005149398-3877183700-1000: SkypeForBusinessPlugin64-15.8 -> C:\Users\Rajagopal Kumar\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.351\npGatewayNpapi-x64.dll [2015-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Rajagopal Kumar\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2012-07-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Rajagopal Kumar\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2012-07-17] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Rajagopal Kumar\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF SearchPlugin: C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\u8k2wabt.default\searchplugins\youtube.xml [2012-03-14]
FF Extension: KeyScrambler - C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\u8k2wabt.default\Extensions\[email protected] [2012-09-03]
FF Extension: DivX Web Player - C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\u8k2wabt.default\Extensions\[email protected] [2012-02-20]
FF Extension: NoScript - C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\u8k2wabt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-09-03]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\u8k2wabt.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-11-12]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
 
Chrome: 
=======
CHR Profile: C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03]
CHR Extension: (Angry Birds) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-07-07]
CHR Extension: (Ad Block Express) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankoaclbfmdocnmjbokdkohpehjjinen [2013-11-25]
CHR Extension: (Google Docs) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Google Drive) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-03]
CHR Extension: (YouTube) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Cast) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-14]
CHR Extension: (Pop Up Blocker Program ) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdbefhoembdcnpapmodimamlnahaciih [2014-10-09]
CHR Extension: (TOEFL Essay Practice) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceeicgdpllljlklonpkbhjighniifjij [2012-07-07]
CHR Extension: (Google Search) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Adblock Plus Popup) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaglijdkglfgnodgahnfalkohplchphh [2014-10-09]
CHR Extension: (Type Scout - Better Typing! :)) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2012-07-07]
CHR Extension: (Google Sheets) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03]
CHR Extension: (No Name) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-27]
CHR Extension: (Cut the Rope) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-07-07]
CHR Extension: (Apple Shooter) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm [2012-07-07]
CHR Extension: (Typing Test - KeyHero) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2012-07-07]
CHR Extension: (Island Runner) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kccnmldhohpnaahmlnafmfdigggmhaoc [2012-07-07]
CHR Extension: (Google Voice (by Google)) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-06-29]
CHR Extension: (Youtube Downloader Google Chrome) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kepfmlbnmfkakibipenekfmdgenllpke [2014-12-08]
CHR Extension: (Save as PDF) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2013-01-21]
CHR Extension: (Ad Block Express) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcmmpmjjaockhkcofljpakjcbmjmgla [2013-02-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2013-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Type Fu (hosted)) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo [2012-07-07]
CHR Extension: (Gmail) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
StartMenuInternet: Google Chrome - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [873248 2010-02-18] (Broadcom Corporation.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [414984 2009-07-28] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [472328 2009-07-28] (Lenovo Group Limited)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [204304 2012-04-11] (Nitro PDF Software)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 UpekSrvc; C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe [72456 2010-03-29] (UPEK Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll" /prefetch:1
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [20032 2011-08-22] (Devguru Co., Ltd)
R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [506160 2014-03-13] (Juniper Networks)
S4 jnprTdi_803_44983; C:\windows\system32\Drivers\jnprTdi_803_44983.sys [108344 2014-04-09] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2014-03-13] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2014-03-13] (Juniper Networks, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222904 2011-12-14] (QFX Software Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [215040 2010-02-24] (Vimicro Corporation)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S1 A2DDA; \??\C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys [X]
S1 ccSet_NST; \SystemRoot\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 16:58 - 2011-11-21 09:28 - 02926997 _____ C:\FaceProv.log
2015-08-30 16:57 - 2014-09-22 22:54 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-30 16:57 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-30 16:56 - 2011-11-21 09:25 - 01420954 _____ C:\windows\WindowsUpdate.log
2015-08-30 16:56 - 2010-09-08 08:55 - 00915328 _____ C:\windows\system32\TPHDLOG0.LOG
2015-08-30 16:55 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-30 16:53 - 2009-07-13 21:51 - 00195231 _____ C:\windows\setupact.log
2015-08-30 16:50 - 2009-07-13 21:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-30 16:50 - 2009-07-13 21:45 - 00022704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-30 16:49 - 2010-09-08 08:55 - 01847104 _____ C:\windows\system32\TPAPSLOG.LOG
2015-08-30 16:39 - 2015-05-30 17:08 - 00000654 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-2180650751-2005149398-3877183700-1000.job
2015-08-30 16:23 - 2010-09-08 08:54 - 01689410 _____ C:\windows\PFRO.log
2015-08-30 15:59 - 2011-12-10 16:27 - 00000000 ____D C:\ProgramData\Norton
2015-08-29 03:04 - 2011-11-25 18:07 - 00000948 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000UA.job
2015-08-29 02:29 - 2012-09-03 20:26 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-29 02:21 - 2015-01-23 10:08 - 00000558 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2180650751-2005149398-3877183700-1000.job
2015-08-28 22:04 - 2011-11-25 18:07 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000Core.job
2015-08-28 20:59 - 2013-09-08 18:03 - 00000000 ____D C:\Raju
2015-08-28 20:54 - 2014-09-22 22:53 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-28 20:54 - 2014-09-22 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-28 20:54 - 2014-09-22 22:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-28 20:51 - 2011-12-10 16:34 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Local\CrashDumps
2015-08-28 00:35 - 2013-07-31 03:01 - 00000000 ____D C:\windows\system32\MRT
2015-08-27 15:02 - 2009-07-13 22:13 - 00799790 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-26 22:47 - 2009-07-13 20:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-08-26 22:47 - 2009-07-13 20:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-25 03:31 - 2012-01-28 13:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-25 03:27 - 2015-06-19 09:42 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-25 00:01 - 2010-09-08 08:49 - 00000000 ____D C:\ProgramData\Temp
2015-08-25 00:00 - 2012-09-03 20:36 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-08-24 23:58 - 2012-09-03 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-08-24 21:25 - 2011-11-23 09:19 - 00000000 ____D C:\Users\Rajagopal Kumar
2015-08-24 20:05 - 2015-04-04 12:37 - 00000000 ___SD C:\windows\system32\GWX
2015-08-24 20:05 - 2011-11-25 18:08 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-24 20:05 - 2011-11-23 09:19 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-24 20:04 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2015-08-24 20:03 - 2015-06-26 10:11 - 00000000 __RHD C:\MSOCache
2015-08-20 20:54 - 2010-09-08 08:51 - 00000000 ____D C:\ProgramData\VeriFace
2015-08-20 20:53 - 2009-07-13 22:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-08-19 00:21 - 2012-05-30 11:18 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Roaming\PrimoPDF
2015-08-15 18:38 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2015-08-14 09:21 - 2009-07-13 21:45 - 00442424 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-14 09:17 - 2014-12-18 00:45 - 00000000 ____D C:\windows\system32\appraiser
2015-08-14 09:17 - 2014-05-10 02:53 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-14 00:48 - 2012-09-03 20:26 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-14 00:48 - 2012-09-03 20:26 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-14 00:48 - 2011-11-25 17:55 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 23:41 - 2012-04-21 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 21:13 - 2012-04-21 16:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 21:13 - 2012-04-21 16:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-09 23:16 - 2011-12-10 16:25 - 00000000 ____D C:\norton
2015-08-05 20:26 - 2010-09-08 08:55 - 01819584 _____ C:\windows\system32\TPAPSLOG(19).LOG
2015-08-03 23:56 - 2011-12-05 02:12 - 00000000 ____D C:\Users\Rajagopal Kumar\AppData\Roaming\vlc
 
==================== Files in the root of some directories =======
 
2014-09-22 23:18 - 2015-05-27 21:12 - 0007605 _____ () C:\Users\Rajagopal Kumar\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Rajagopal Kumar\AppData\Local\Temp\jre-7u79-windows-i586-iftw.exe
C:\Users\Rajagopal Kumar\AppData\Local\Temp\Uninstall.exe
C:\Users\Rajagopal Kumar\AppData\Local\Temp\{92622AAD-05E8-4459-B256-765CE1E929FB}_NST_4023.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-25 03:54
 
==================== End of FRST.txt ============================
 
-----------------------------------------------------------------------------------------------------------------------------
 
Addition.txt
 
 
---------------------------------------------------------------------------------------------------------------------------
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by Rajagopal Kumar (2015-08-30 17:05:25)
Running from C:\Users\Rajagopal Kumar\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2180650751-2005149398-3877183700-500 - Administrator - Disabled)
Guest (S-1-5-21-2180650751-2005149398-3877183700-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2180650751-2005149398-3877183700-1004 - Limited - Enabled)
Rajagopal Kumar (S-1-5-21-2180650751-2005149398-3877183700-1000 - Administrator - Enabled) => C:\Users\Rajagopal Kumar
rajagopal ravikumar (S-1-5-21-2180650751-2005149398-3877183700-1006 - Administrator - Enabled) => C:\Users\rajagopal ravikumar
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.08 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AoA Audio Extractor (HKLM-x32\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version:  - AoAMedia.com)
AOL Toolbar (HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\AOL Toolbar) (Version:  - )
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ChromecastApp (HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2311 - CyberLink Corp.)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.6 - Lenovo)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Google Chrome (HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{83A5D4E9-7FE6-336D-9525-F1C879496014}) (Version: 3.3.2.8436 - Google)
GoToMeeting 7.2.3.3019 (HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\GoToMeeting) (Version: 7.2.3.3019 - CitrixOnline)
HipChat (HKLM-x32\...\{D841EE48-5BDF-433C-A6C4-261855E542E9}) (Version: 2.2.1221 - Atlassian Inc)
HP Virtual Room Client Launcher Plugin (HKLM-x32\...\{E9C450A0-4606-11E0-9207-0800200C9A66}) (Version: 2.0.0.1 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Juniper Networks Setup Client (HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse (Version: 5.0.44983 - Juniper Networks) Hidden
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.44983 - Juniper Networks, Inc.)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 2.9.2.0 - QFX Software Corporation)
Kies mini (HKLM-x32\...\InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Kies mini (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1400 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 2.10.02.23.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.17 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo Security Solution FP (HKLM\...\{0F841121-4DB6-4B31-839F-7F5AB3BB3423}) (Version: 5.9.3.6245 - UPEK Inc.)
magicJack (HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
NEF to JPG (HKLM-x32\...\{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1) (Version:  - neftojpg.com)
Nitro Reader 2 (HKLM\...\{7B72A3FB-2563-4A83-B054-98C57415DFFA}) (Version: 2.3.1.7 - Nitro PDF Software)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.1.18 (HKLM\...\{4EE61784-10C6-4B7C-A0B2-5BED17B05741}) (Version: 4.1.18 - Oracle Corporation)
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.6 - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Remote Access to HP Network 6.2 (HKLM\...\{9F150026-E7A4-47D9-B0E2-7666EEC54AA6}) (Version: 6.2.3.52064 - Hewlett-Packard Company)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.2.0.12014_18 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Skype for Business Web App Plug-in (HKLM-x32\...\{7EA9A4CD-6875-4F3C-A4D4-42C924AD3CF8}) (Version: 15.8.20020.351 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.13.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.0.0730 - Lenovo)
Vim 7.3 (self-installing) (HKLM\...\Vim 7.3) (Version:  - )
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.17435 - VMware, Inc.)
VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.16964 - VMware, Inc.)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{1542FC7D-8D51-43D5-B757-67C763F27BF4}\localserver32 -> C:\Users\Rajagopal Kumar\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.351\GatewayVersion-x64.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\Rajagopal Kumar\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.351\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
28-08-2015 00:24:48 End of disinfection
28-08-2015 00:34:41 Windows Update
28-08-2015 20:58:10 Removed Java™ 6 Update 35
28-08-2015 21:00:13 Installed Java 7 Update 79
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-08-30 16:19 - 00000037 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A48790B-8F21-49D6-BCA2-002FCDE66934} - System32\Tasks\{CAA2C271-9E78-4B13-B771-BFEAB9B43BF6} => Firefox.exe http://ui.skype.com/...all?page=tsMain
Task: {15FCD675-73D4-4897-827E-3BFA92A8BB3F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-06-19] (Microsoft Corporation)
Task: {1E836FBE-A247-4075-A0E7-78F272158E84} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {24FB4A52-7D86-4D24-873D-9D159EBF5D2C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {5428AE52-65C6-4FE8-8D37-3EDCD57189F9} - System32\Tasks\{67D128B7-CF09-424C-B021-85A1D7231D4D} => pcalua.exe -a "C:\Users\Rajagopal Kumar\Downloads\IN3VDO43WW6.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {55F19CD7-5DDC-40B4-8FDA-407C1644F7CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {87FD0532-5C3B-44F7-9AE6-0466BA097486} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {88277C0E-4E7E-476C-B420-5DE07C77594C} - System32\Tasks\{AEB01D3F-7D48-4A30-BDBC-F3F68CBE86EE} => Firefox.exe http://ui.skype.com/...all?page=tsBing
Task: {93CD187A-AD37-42A9-8DE8-1F0DF268302B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {A1FAA169-2519-49D6-A9D2-86AFEC913226} - System32\Tasks\G2MUpdateTask-S-1-5-21-2180650751-2005149398-3877183700-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupdate.exe [2015-07-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B461737D-578C-4030-B304-9EF0F4FF78E8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000Core => C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {C43905FD-C93B-4E0C-806F-4A4661FA2BD0} - System32\Tasks\G2MUploadTask-S-1-5-21-2180650751-2005149398-3877183700-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupload.exe [2015-07-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C69F1BB0-3857-4F61-8E12-125B616DFB70} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {D20757B0-CFF4-4239-AEEC-0C6EA939D0CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-06-19] (Microsoft Corporation)
Task: {E0E97A4B-C8D4-4B17-9E32-5E6BBD65AFE8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000UA => C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2180650751-2005149398-3877183700-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-2180650751-2005149398-3877183700-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupload.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000Core.job => C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000UA.job => C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-19 11:39 - 2015-06-19 11:39 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-09-08 08:51 - 2010-09-08 08:51 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-09-08 08:51 - 2010-09-08 08:51 - 00622592 _____ () C:\windows\system32\SimpleExt.dll
2015-06-19 11:39 - 2015-06-19 11:39 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-08-24 21:40 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-08-24 21:40 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Rajagopal Kumar\Desktop\noname.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\...\hp.com -> hxxps://hp.com
 
 
There are 6091 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rajagopal Kumar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: ZoneAlarm Installer => "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8215C609-9286-4EEF-BC10-2318CEF88218}] => (Allow) C:\Users\Rajagopal Kumar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{EB147613-C33A-4499-84A4-0A3ADF07DD65}] => (Allow) C:\Users\Rajagopal Kumar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{7459A482-86DC-4D9F-8847-E7BD8D47958E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C3F1332D-4B6E-4F39-8425-414AA1C6949C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1EAD79F7-B4AE-4EE5-87EF-E128A1FC8889}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6299D513-4903-4014-BA28-F48423DE4058}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E7162A74-E8A9-4405-AE3C-9CDB57DB5BB7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{BE4615D3-A12D-4C39-AE1E-16EB7794D6B6}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E3B50CE2-4C0E-4273-9F1A-DDA98A4A2FDD}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{421B08B4-2012-4645-AABE-B2C416F17986}] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{B477A468-0555-4711-A87A-9F60F0A7F9CD}] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{E267EF39-2810-4130-8188-CE084AF56ABB}] => (Allow) C:\Program Files (x86)\JDownloader\JDownloader.exe
FirewallRules: [{3D42C315-0A07-4FB5-AB82-07B62ADFFED2}] => (Allow) C:\Program Files (x86)\JDownloader\JDownloader.exe
FirewallRules: [{40B0CEB0-3399-4D92-97E6-3BE8179AFD0F}] => (Allow) C:\Program Files (x86)\JDownloader\JDownloader.exe
FirewallRules: [{8924E548-5944-4BBA-9174-A6EB4E16697D}] => (Allow) C:\Program Files (x86)\JDownloader\JDownloader.exe
FirewallRules: [{969EE50C-E0CA-4D29-91FD-023B887F6DA4}] => (Allow) C:\Users\Rajagopal Kumar\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{5CFF30FE-8D45-4BC6-A99B-6AEB732653D8}] => (Allow) C:\Users\Rajagopal Kumar\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{047D8F8E-1158-42AA-B959-1D65D3AAED82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{05D2B766-E6EF-472B-AAC0-CBCEEA6C8402}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5558A5DF-E982-4A81-B784-79BB3E93D94D}] => (Allow) C:\Users\Rajagopal Kumar\AppData\Local\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{CF4C00FF-9B7D-491C-8C36-F328FB105F4C}] => (Allow) C:\Users\Rajagopal Kumar\AppData\Local\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{14BCE56C-B290-4B80-854C-7F54428B2F14}] => (Allow) C:\Users\Rajagopal Kumar\AppData\Local\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{626E21BA-AA40-4CB1-A5E2-963043E56E81}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{ABB2BA79-1F7B-440A-A4D0-40972DEE3557}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{76636A7A-1F5E-4A9A-B15C-273379BB25B2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{26A22A1C-2103-46E3-B33A-FF06201A95E9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{567B008F-5BB7-4C04-81DB-7A9EC9195A96}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A815176F-0FC6-45AE-A3C9-C4695D92FBD2}] => (Allow) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
FirewallRules: [{3FE0076A-395B-4A1C-A486-8E6871B05CE3}] => (Allow) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
FirewallRules: [{9409B7C7-8053-449D-A6EB-43C37FD2475E}] => (Allow) C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2015 05:01:07 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2015 04:36:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2015 04:35:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2015 04:24:40 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2015 04:19:48 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2015 04:17:45 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2015 04:09:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2015 04:05:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/30/2015 03:57:00 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/29/2015 02:04:47 AM) (Source: MsiInstaller) (EventID: 11714) (User: RajagopalKumar)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.
 
 
System errors:
=============
Error: (08/30/2015 05:01:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (08/30/2015 05:01:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/30/2015 05:01:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/30/2015 05:01:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/30/2015 05:01:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/30/2015 05:01:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/30/2015 05:01:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/30/2015 05:01:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (08/30/2015 05:01:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (08/30/2015 05:01:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-08-30 16:38:25.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-29 02:54:48.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-29 01:13:37.085
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-29 00:14:23.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 20:52:51.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 20:37:57.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 00:57:35.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 00:51:38.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-28 00:23:51.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-27 18:34:49.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 33%
Total physical RAM: 3893.86 MB
Available physical RAM: 2580.48 MB
Total Virtual: 7785.92 MB
Available Virtual: 6379.69 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:420.66 GB) (Free:50.56 GB) NTFS
Drive d: () (Fixed) (Total:30 GB) (Free:29.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 600F9598)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#23
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello again rajagopal,

Let's see if getting rid of some leftovers and running a couple of repair utilities helps. :)

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

URLSearchHook: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000 - (No Name) - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No File
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
C:\Program Files\CheckPoint
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
C:\ProgramData\Norton
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll" /prefetch:1
C:\Program Files (x86)\Norton Safe Web Lite
CHR Extension: (No Name) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-27]
S1 A2DDA; \??\C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys [X]
S1 ccSet_NST; \SystemRoot\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit
C:\SystemRoot\system32\drivers\NSTx64
C:\Program Files\Enigma Software Group
2014-09-22 23:18 - 2015-05-27 21:12 - 0007605 _____ () C:\Users\Rajagopal Kumar\AppData\Local\resmon.resmoncfg
C:\Users\Rajagopal Kumar\AppData\Local\Temp\jre-7u79-windows-i586-iftw.exe
C:\Users\Rajagopal Kumar\AppData\Local\Temp\Uninstall.exe
C:\Users\Rajagopal Kumar\AppData\Local\Temp\{92622AAD-05E8-4459-B256-765CE1E929FB}_NST_4023.exe
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Use the System File Checker tool (SFC.exe) to check your system and replace files where necessary.

To do this, follow these steps:

  • To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
    sfc /scannow
    Please note that there is a single space between sfc and /scannow.

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

You should see the following on-screen messages:

Beginning the system scan. This process will take some time.

Beginning verification phase of system scan.

Verification % complete.

Once the scan has completed you will receive an onscreen message resembling one of the following:

…found no integrity violations

…found corruption but repaired it

…found corruption that it could not repair


Please reply with the completion message that you received.

Finally in this post

Please run Chkdsk:
 

  • Right click on the Start > Open Windows Explorer.
  • Find the hard drive letter (usually local disk C)  for which you want to run the Chkdsk utility.
  • Right-click on the drive letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.
  • Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer. Shut down your computer and then turn it back on, Chkdsk will run.
 
If you need further help go here for information on how to run Chkdsk in Windows 7
 
Come back and tell me how it went.

So when you return please post

  • Fixlog.txt
  • results of System File Checker
  • Tell me how Chkdsk went

 


  • 0

#24
rajagopal

    Member

  • Topic Starter
  • Member
  • 97 posts

The chkdsk ran for hours together, crawling at a slow pace. It was 21% done last I saw, and then half an hour later I saw my computer restarting, at which point I failed to notice whether it was successful. I noticed the first three stages were successful. Please let me know if I need to run chkdsk again. I have pasted the other 2 logs here - 

 

-------------------------------------------------------

 

FixLog.txt

 

 

----------------------------------------------------

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by Rajagopal Kumar (2015-08-30 19:25:54) Run:1
Running from C:\Users\Rajagopal Kumar\Desktop
Loaded Profiles: Rajagopal Kumar (Available Profiles: Rajagopal Kumar & rajagopal ravikumar)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
URLSearchHook: HKU\S-1-5-21-2180650751-2005149398-3877183700-1000 - (No Name) - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No File
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
C:\Program Files\CheckPoint
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
C:\ProgramData\Norton
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll" /prefetch:1
C:\Program Files (x86)\Norton Safe Web Lite
CHR Extension: (No Name) - C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-27]
S1 A2DDA; \??\C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys [X]
S1 ccSet_NST; \SystemRoot\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit
C:\SystemRoot\system32\drivers\NSTx64
C:\Program Files\Enigma Software Group
2014-09-22 23:18 - 2015-05-27 21:12 - 0007605 _____ () C:\Users\Rajagopal Kumar\AppData\Local\resmon.resmoncfg
C:\Users\Rajagopal Kumar\AppData\Local\Temp\jre-7u79-windows-i586-iftw.exe
C:\Users\Rajagopal Kumar\AppData\Local\Temp\Uninstall.exe
C:\Users\Rajagopal Kumar\AppData\Local\Temp\{92622AAD-05E8-4459-B256-765CE1E929FB}_NST_4023.exe
EmptyTemp:
*****************
 
HKU\S-1-5-21-2180650751-2005149398-3877183700-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi" => key removed successfully
"C:\Program Files\CheckPoint" => File/Folder not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E} => value removed successfully
C:\ProgramData\Norton => moved successfully
NSL => service removed successfully
"C:\Program Files (x86)\Norton Safe Web Lite" => File/Folder not found.
C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom => moved successfully
A2DDA => service removed successfully
ccSet_NST => service removed successfully
esgiguard => service removed successfully
"C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit" => File/Folder not found.
"C:\SystemRoot\system32\drivers\NSTx64" => File/Folder not found.
C:\Program Files\Enigma Software Group => moved successfully
C:\Users\Rajagopal Kumar\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\Rajagopal Kumar\AppData\Local\Temp\jre-7u79-windows-i586-iftw.exe => moved successfully
C:\Users\Rajagopal Kumar\AppData\Local\Temp\Uninstall.exe => moved successfully
C:\Users\Rajagopal Kumar\AppData\Local\Temp\{92622AAD-05E8-4459-B256-765CE1E929FB}_NST_4023.exe => moved successfully
EmptyTemp: => 514.7 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 19:26:13 ====
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
---------------------------------------------------------------------------------------------------------------------------------------------------------
 
  • results of System File Checker : found no integrity violations
 
 
--------------------------------------------------------------------------------------------------------------------------------------------------------
 
 
 
 
 
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\windows\system32>sfc /scannow
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
Verification 100% complete.
 
Windows Resource Protection did not find any integrity violations.
 
C:\windows\system32>
 
 
-------------------------------------------------------------------------------------------------------------------------------------------------------

  • 0

#25
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Any change? Are you still getting the freezing?


  • 0



#26
rajagopal

    Member

  • Topic Starter
  • Member
  • 97 posts

After the above steps, during the next 3 hours of usage, no freezing happened. I will try again today and let you know if it's reproducible.


  • 0

#27
rajagopal

    Member

  • Topic Starter
  • Member
  • 97 posts

Hi Emeraldnzl,

 

I tried again booting in normal mode. Freezing still happens and is consistently reproducible. Freezes right after boot, or in the login screen, or in the windows startup options sometimes. :(


  • 0

#28
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

 

Freezes right after boot, or in the login screen, or in the windows startup options sometimes.

 

Could be software related or a hardware problem.

 

Let's try this:

  • Click on Start then Run, type msconfig and press Enter.
  • Click on the Startup tab, record what is currently starting
  • then click the Disable All button.
  • Reboot and see if it runs better.

If yes then use msconfig to enable several items at a time till you find the culprit.

 

If no, start msconfig and click on the Services tab.

  • Check the Hide All Microsoft Services box, record what is currently starting then click the Disable All button.
  • Again, do a regular boot, see if it runs normally.

If yes then use msconfig to enable services till you find the culprit.

Once you've found the culprit, uninstall it or find out how to eliminate it from your system. Simply disabling it in msconfig is a temporary fix at best.
Enable everything else you disabled.
 

Come back and tell me how you went.


  • 0

#29
rajagopal

    Member

  • Topic Starter
  • Member
  • 97 posts

I have disabled all the startup programs from msconfig and rebooted the laptop. I will let you know how it goes.


  • 0

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

:thumbsup:


  • 0





