Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Reconyc + slow computer

Started by queendom , Aug 03 2016 09:55 PM

  • Please log in to reply

#1
queendom
Posted 03 August 2016 - 09:55 PM

queendom

    Member

  • Member
  • PipPip
  • 75 posts

Thanks for your help!! My computer was infected with Trojan.Reconyc. Malwarebytes located and quarantined the infection last weekend. (As retrieved from the quarantine logs, Vendor: Trojan.Reconyc / Type: File / Location: C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience\7z.exe). Even after the quarantine, the computer continues to run slower than usual. Also, the computer mouse is extremely slow, although I have not made any recent hardware or software changes. To fix this, I tried uninstalling/reinstalling my keyboard/mouse software and changing the batteries but still no change. 

 

At one point, the computer would not fully load; I was only able to see the mouse pointer and a black screen. I ran ctrl-alt-del and noticed a running process called "Run Once." Once I terminated this process, the black screen went away and the desktop then loaded. Haven't had that problem since but thought you should know.

 

I believe that I acquired the infection while browsing websites. Didn't purposely download anything but noticed issues around that time.

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by ronak_000 (administrator) on HERPANDORA (03-08-2016 23:37:23)
Running from C:\Users\ronak_000\Desktop
Loaded Profiles: ronak_000 (Available Profiles: ronak_000 & Crawford)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Cisco) C:\Users\ronak_000\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJIE.EXE
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Users\ronak_000\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-07-05] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1112760 2016-04-14] (Carbonite, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\ronak_000\AppData\Roaming\Spotify\Spotify.exe <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [Spotify Web Helper] => C:\Users\ronak_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-14] (Spotify Ltd)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [Amazon Music] => C:\Users\ronak_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-14] ()
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [PCShowServer] => C:\Users\ronak_000\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632504 2016-02-14] (Cisco)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJIE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJIE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-04-22]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-04-22]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (No File)
Startup: C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2015-05-27]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1956968038-1783308290-1564097226-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CE5EC543-607A-4404-846A-D8DCA026C6FC}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> DefaultScope {A0FC28FF-BFAC-43DD-8EDD-FB9BEBECB38B} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {A0FC28FF-BFAC-43DD-8EDD-FB9BEBECB38B} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-04-22] (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: AmazonPriceWatch.BHOClass -> {19810130-E5A5-4217-B937-19800508B4CD} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-04-22] (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-04-22] (LastPass)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-04-22] (LastPass)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Toolbar: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-18] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-22] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-22] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\extensions\[email protected] [2016-04-25]
FF Extension: WOT - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-25]
FF Extension: Amazon Price Tracker - Keepa.com - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\extensions\[email protected] [2016-05-01]
FF Extension: Add to Amazon Wish List Button - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\extensions\[email protected] [2016-06-04]
FF Extension: Open in IE - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\Extensions\[email protected] [2016-04-26]
FF Extension: Adblock Plus - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-07-31] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.qvc.com/Sweepstakes.content.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=dss_yset_chr__PARAM__
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27]
CHR Extension: (Yahoo Web) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-02-05]
CHR Extension: (Google Docs) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (PriceBlink) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2016-07-15]
CHR Extension: (Google Drive) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-02]
CHR Extension: (Google Search) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-05-27]
CHR Extension: (Google Sheets) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (Google Docs Offline) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-02]
CHR Extension: (Rating Program Extension) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbankdmoclhcdmdejkklikkpaidaeij [2016-07-21]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2016-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-07-19]
CHR Extension: (Gmail) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-30]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-09-27] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-27] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-27] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-18] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
S4 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-05] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [33376 2016-01-08] (DEVGURU Co., LTD.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-03 23:37 - 2016-08-03 23:37 - 00057862 _____ C:\Users\ronak_000\Desktop\FRST.txt
2016-08-03 23:36 - 2016-08-03 23:37 - 00000000 ____D C:\FRST
2016-08-03 23:34 - 2016-08-03 23:34 - 02393600 _____ (Farbar) C:\Users\ronak_000\Desktop\FRST64.exe
2016-08-02 10:45 - 2016-08-02 12:57 - 00000000 ____D C:\Users\ronak_000\Desktop\Paul Car
2016-08-02 10:44 - 2016-08-02 10:45 - 00000022 _____ C:\Users\ronak_000\Desktop\Attachments_201682.zip
2016-08-02 09:33 - 2016-08-02 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-02 09:33 - 2016-08-02 09:33 - 00000000 ____D C:\Program Files\iTunes
2016-08-02 09:33 - 2016-08-02 09:33 - 00000000 ____D C:\Program Files\iPod
2016-08-02 09:33 - 2016-08-02 09:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-01 22:33 - 2016-08-01 22:33 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-01 22:33 - 2016-08-01 22:33 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-01 22:32 - 2016-08-01 22:32 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-08-01 22:32 - 2016-08-01 22:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-07-31 02:34 - 2016-07-31 02:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-07-31 02:30 - 2016-07-31 02:30 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\sp6_log
2016-07-30 19:38 - 2016-07-30 19:38 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\IDT
2016-07-30 15:19 - 2016-07-30 15:19 - 00001875 _____ C:\Users\Crawford\Desktop\iTunes.lnk
2016-07-30 14:31 - 2016-07-30 15:22 - 00000000 ____D C:\Users\Crawford\AppData\Local\CrashDumps
2016-07-30 14:25 - 2016-07-30 14:25 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Macromedia
2016-07-30 14:25 - 2016-07-30 14:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\Macromedia
2016-07-30 14:18 - 2016-07-31 22:36 - 00000000 ___RD C:\Users\Crawford\iCloudDrive
2016-07-30 14:18 - 2016-07-30 14:18 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-07-30 14:18 - 2016-07-30 14:18 - 00000000 ____D C:\Users\Crawford\AppData\Local\Apple Inc
2016-07-30 14:17 - 2016-08-01 14:17 - 00003430 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-07-30 14:08 - 2016-07-30 14:08 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Logishrd
2016-07-30 14:05 - 2016-07-30 14:05 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Logishrd
2016-07-30 14:04 - 2016-07-30 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-07-30 13:32 - 2016-08-01 18:52 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A78B64C-881D-4206-B3FF-77592C1249CA}
2016-07-30 13:30 - 2016-08-01 06:36 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1956968038-1783308290-1564097226-1006
2016-07-30 13:28 - 2016-07-30 13:34 - 00000000 ____D C:\Users\Crawford\AppData\Local\Mozilla
2016-07-30 13:28 - 2016-07-30 13:28 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Mozilla
2016-07-30 13:26 - 2016-08-01 20:19 - 00000000 ____D C:\Users\Crawford\AppData\Local\ClassicShell
2016-07-30 13:26 - 2016-08-01 14:17 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Apple Computer
2016-07-30 13:26 - 2016-07-30 14:05 - 00000000 ____D C:\Users\Crawford\AppData\Local\Apple Computer
2016-07-30 13:26 - 2016-07-30 13:26 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\ClassicShell
2016-07-30 13:26 - 2016-07-30 13:26 - 00000000 ____D C:\Users\Crawford\AppData\Local\NVIDIA Corporation
2016-07-30 13:25 - 2016-07-30 14:05 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Logitech
2016-07-30 13:25 - 2016-07-30 13:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\NVIDIA
2016-07-30 13:25 - 2016-07-30 13:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\Dropbox
2016-07-30 13:25 - 2016-07-30 13:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\Adobe
2016-07-30 13:24 - 2016-07-31 03:24 - 00000000 ____D C:\Users\Crawford
2016-07-30 13:24 - 2016-07-30 14:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\Packages
2016-07-30 13:24 - 2016-07-30 13:24 - 00001448 _____ C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-30 13:24 - 2016-07-30 13:24 - 00000020 ___SH C:\Users\Crawford\ntuser.ini
2016-07-30 13:24 - 2016-07-30 13:24 - 00000000 _SHDL C:\Users\Crawford\My Documents
2016-07-30 13:24 - 2016-07-30 13:24 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Adobe
2016-07-30 13:24 - 2016-07-30 13:24 - 00000000 ____D C:\Users\Crawford\AppData\Local\VirtualStore
2016-07-30 13:24 - 2016-07-30 13:24 - 00000000 ____D C:\Users\Crawford\AppData\Local\Google
2016-07-30 13:24 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-07-30 13:24 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-07-30 13:08 - 2016-07-30 13:08 - 00000000 ____D C:\Program Files\Bonjour
2016-07-30 13:08 - 2016-07-30 13:08 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-30 13:07 - 2016-08-02 09:33 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-27 23:25 - 2016-07-27 23:25 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Downloaded Installations
2016-07-27 23:25 - 2016-07-27 23:25 - 00000000 ____D C:\Program Files (x86)\AMD
2016-07-27 23:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-07-27 23:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-07-27 23:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-07-27 23:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-07-26 13:27 - 2016-07-26 13:27 - 00000000 ____D C:\WINDOWS\EOONotify
2016-07-26 13:27 - 2016-06-18 16:06 - 00590688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-07-26 13:27 - 2016-06-18 16:06 - 00072408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2016-07-26 13:27 - 2016-06-11 15:52 - 00379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-07-26 13:27 - 2016-06-11 15:52 - 00057184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-07-26 13:27 - 2016-06-11 15:51 - 00563024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-07-26 13:27 - 2016-06-11 15:51 - 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-07-26 13:27 - 2016-06-11 15:50 - 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-07-26 13:27 - 2016-06-11 14:34 - 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-07-26 13:27 - 2016-06-11 14:05 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpresult.exe
2016-07-26 13:27 - 2016-06-11 13:46 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-07-26 13:27 - 2016-06-11 13:14 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpresult.exe
2016-07-26 13:27 - 2016-06-11 13:00 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-07-26 13:27 - 2016-06-11 12:55 - 01443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-07-26 13:27 - 2016-06-11 12:50 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-07-26 13:27 - 2016-06-11 12:46 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2016-07-26 13:27 - 2016-06-11 12:44 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-07-26 13:27 - 2016-06-11 12:37 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-07-26 13:27 - 2016-06-11 12:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-07-26 13:27 - 2016-06-11 12:20 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-07-26 13:27 - 2016-06-11 12:16 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-07-26 13:27 - 2016-06-10 23:44 - 00107984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-07-26 13:27 - 2016-06-10 23:44 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-07-26 13:27 - 2016-06-10 16:07 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-07-26 13:27 - 2016-06-10 16:03 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-07-26 13:27 - 2016-06-10 15:04 - 03547136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-07-26 13:27 - 2016-06-10 14:11 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-07-26 13:27 - 2016-06-10 14:11 - 01487992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-07-26 13:27 - 2016-06-10 14:11 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-07-26 13:27 - 2016-06-10 14:11 - 00125024 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2016-07-26 13:27 - 2016-06-10 14:10 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2016-07-26 13:27 - 2016-06-10 14:07 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-07-26 13:27 - 2016-06-10 14:04 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-07-26 13:27 - 2016-06-09 15:32 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-07-26 13:27 - 2016-06-09 14:18 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-07-26 13:27 - 2016-06-07 14:10 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\hbaapi.dll
2016-07-26 13:27 - 2016-06-07 13:13 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hbaapi.dll
2016-07-26 13:27 - 2016-06-03 20:38 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-07-26 13:27 - 2016-06-03 20:37 - 01970968 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-07-25 11:41 - 2016-07-25 12:48 - 00000000 ____D C:\Users\ronak_000\Desktop\TheHopeLine
2016-07-25 05:54 - 2016-07-25 05:54 - 00141446 _____ C:\Users\ronak_000\Desktop\2016-FinancialSummary.pdf
2016-07-22 00:12 - 2016-07-22 00:12 - 00195853 _____ C:\Users\ronak_000\Desktop\EligibilityNotice.pdf
2016-07-19 23:48 - 2016-07-19 23:48 - 04870903 _____ C:\Users\ronak_000\Desktop\Feminine Manifesting a House.m4a
2016-07-19 22:41 - 2016-07-24 01:48 - 00000000 ____D C:\Users\ronak_000\Desktop\LOA
2016-07-16 21:28 - 2016-07-16 21:28 - 00347036 _____ C:\Users\ronak_000\Desktop\MeProfileWomen.pdf
2016-07-14 18:31 - 2016-06-11 14:14 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-14 18:31 - 2016-06-11 14:11 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-14 18:31 - 2016-06-11 13:56 - 25812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-14 18:31 - 2016-06-11 13:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-07-14 18:31 - 2016-06-11 13:42 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-14 18:31 - 2016-06-11 13:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-07-14 18:31 - 2016-06-11 13:22 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-07-14 18:31 - 2016-06-11 13:22 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-07-14 18:31 - 2016-06-11 13:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-07-14 18:31 - 2016-06-11 13:13 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-14 18:31 - 2016-06-11 13:12 - 20348928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-14 18:31 - 2016-06-11 13:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-07-14 18:31 - 2016-06-11 13:07 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-07-14 18:31 - 2016-06-11 13:03 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-07-14 18:31 - 2016-06-11 13:00 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-14 18:31 - 2016-06-11 12:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-07-14 18:31 - 2016-06-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-07-14 18:31 - 2016-06-11 12:43 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-07-14 18:31 - 2016-06-11 12:38 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-07-14 18:31 - 2016-06-11 12:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-07-14 18:31 - 2016-06-11 12:31 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-14 18:31 - 2016-06-11 12:31 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-14 18:31 - 2016-06-11 12:30 - 15409664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-14 18:31 - 2016-06-11 12:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-07-14 18:31 - 2016-06-11 12:26 - 02869248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-14 18:31 - 2016-06-11 12:15 - 13806080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-14 18:31 - 2016-06-11 12:12 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-14 18:31 - 2016-06-11 12:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-07-14 18:31 - 2016-06-11 11:59 - 02392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-07-14 18:31 - 2016-06-11 11:56 - 01315840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-07-14 18:31 - 2016-06-11 11:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-07-14 18:31 - 2016-05-25 09:22 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-07-14 18:31 - 2016-05-25 09:22 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-07-14 18:31 - 2016-05-25 09:12 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-07-14 18:31 - 2016-05-25 09:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-07-14 18:30 - 2016-06-25 14:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-14 18:30 - 2016-06-25 12:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-07-14 18:30 - 2016-06-25 12:15 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-07-14 18:30 - 2016-06-25 12:13 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-14 18:30 - 2016-06-25 12:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-07-14 18:30 - 2016-06-21 14:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-07-14 18:30 - 2016-06-21 10:12 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-07-14 18:30 - 2016-06-11 15:45 - 07445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-14 18:30 - 2016-06-11 13:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-07-14 18:30 - 2016-06-11 13:01 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-07-14 18:30 - 2016-06-11 13:00 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-07-14 18:30 - 2016-06-11 12:31 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-07-14 18:30 - 2016-06-10 17:35 - 04167680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-07-14 18:30 - 2016-01-30 15:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-07-14 18:30 - 2016-01-30 15:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-07-14 18:30 - 2016-01-30 14:48 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-07-14 18:30 - 2016-01-30 14:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-07-14 18:30 - 2016-01-30 13:48 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-07-14 18:30 - 2016-01-30 13:41 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-07-11 15:03 - 2016-07-11 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-07 23:00 - 2016-07-07 23:00 - 00000000 ____D C:\Users\ronak_000\AppData\Local\openvr
2016-07-06 18:28 - 2016-06-25 16:05 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-06 18:28 - 2016-06-22 09:48 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-03 23:33 - 2015-06-02 10:00 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Spotify
2016-08-03 23:33 - 2015-05-27 14:55 - 00000000 ____D C:\Users\ronak_000\AppData\Local\ClassicShell
2016-08-03 23:28 - 2015-06-02 10:00 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Spotify
2016-08-03 22:58 - 2016-01-18 18:25 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-03 22:47 - 2015-05-27 15:01 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-03 22:28 - 2015-05-27 15:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-03 21:53 - 2015-05-27 11:42 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1956968038-1783308290-1564097226-1001
2016-08-03 21:46 - 2015-05-27 11:37 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B58D2DC0-5384-4315-9E71-00C3983E739A}
2016-08-03 21:44 - 2015-05-27 16:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-02 23:09 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-02 23:09 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-08-02 23:03 - 2016-01-18 18:25 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-02 23:03 - 2015-05-27 15:38 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\stickies
2016-08-02 23:03 - 2015-05-27 15:01 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-02 23:03 - 2015-05-27 14:51 - 00000000 ___DO C:\Users\ronak_000\OneDrive
2016-08-02 23:03 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-02 23:02 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-02 22:56 - 2016-04-22 12:19 - 00000000 ____D C:\Users\ronak_000\AppData\LocalLow\LastPass
2016-08-02 15:13 - 2015-05-27 14:37 - 00000000 ____D C:\Users\ronak_000
2016-08-02 15:13 - 2013-08-22 10:44 - 00538440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-02 10:45 - 2015-07-06 21:14 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Apple Computer
2016-08-02 09:37 - 2015-05-27 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-02 09:37 - 2015-05-27 15:30 - 00000000 ____D C:\Program Files\Microsoft Office
2016-08-02 09:37 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-02 07:48 - 2016-04-23 09:52 - 00003192 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForronak_000
2016-08-02 07:48 - 2016-04-23 09:52 - 00000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForronak_000.job
2016-08-01 22:32 - 2014-11-21 04:25 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-01 21:14 - 2016-06-16 22:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-01 20:32 - 2015-06-04 19:31 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-31 03:46 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-07-31 02:34 - 2015-07-06 20:39 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-07-31 02:34 - 2015-07-06 20:39 - 00000000 ____D C:\ProgramData\Logishrd
2016-07-31 02:34 - 2015-07-06 20:38 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2016-07-30 14:38 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-30 14:25 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-30 13:32 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-30 13:08 - 2016-01-11 01:24 - 00000000 ____D C:\ProgramData\Apple Computer
2016-07-30 13:08 - 2015-07-06 20:09 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Apple Computer
2016-07-30 13:08 - 2013-04-22 15:34 - 00000000 ____D C:\ProgramData\Apple
2016-07-28 20:42 - 2015-05-27 15:01 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 20:42 - 2015-05-27 15:01 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 23:26 - 2015-07-03 00:21 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\NVIDIA
2016-07-27 21:30 - 2016-01-05 21:27 - 00000945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-07-27 21:23 - 2016-01-18 18:21 - 00000000 ____D C:\Users\ronak_000\AppData\Local\CrashDumps
2016-07-27 15:25 - 2015-05-27 13:33 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-27 02:34 - 2015-05-27 15:01 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-26 13:28 - 2015-12-23 16:10 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-07-26 13:28 - 2015-12-23 16:10 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-07-25 12:51 - 2015-05-27 19:29 - 03344384 ___SH C:\Users\ronak_000\Desktop\Thumbs.db
2016-07-24 01:26 - 2015-07-03 00:01 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\TeamViewer
2016-07-22 09:39 - 2015-09-26 03:35 - 00000000 ____D C:\ProgramData\Oracle
2016-07-22 08:19 - 2015-09-26 03:35 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-07-22 08:19 - 2015-09-26 03:35 - 00000000 ____D C:\Users\ronak_000\.oracle_jre_usage
2016-07-22 08:19 - 2015-09-26 03:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-22 08:19 - 2015-09-26 03:35 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-21 07:19 - 2016-05-01 01:31 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-21 07:16 - 2016-01-20 08:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-21 07:16 - 2015-12-21 11:24 - 00000000 ____D C:\Users\ronak_000\AppData\Local\ElevatedDiagnostics
2016-07-21 07:16 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-07-21 01:07 - 2015-05-31 11:11 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Skype
2016-07-18 02:14 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-07-18 02:12 - 2015-05-27 11:37 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Adobe
2016-07-18 02:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-18 02:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-16 01:51 - 2015-05-27 16:26 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 18:35 - 2015-05-27 12:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-14 18:32 - 2015-05-27 12:40 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-11 15:03 - 2015-08-11 10:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-09 02:31 - 2016-06-06 00:47 - 00000000 ____D C:\Users\ronak_000\Desktop\lol
2016-07-08 22:36 - 2015-06-14 20:02 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-07 22:58 - 2016-06-16 23:10 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
 
==================== Files in the root of some directories =======
 
2016-04-22 12:11 - 2016-04-22 12:11 - 0000422 _____ () C:\Users\ronak_000\AppData\Local\LMIR0002.tmp.bat
2016-04-22 12:11 - 2016-04-22 12:11 - 0000347 _____ () C:\Users\ronak_000\AppData\Local\LMIR0002.tmp_r.bat
2016-04-23 08:05 - 2016-04-23 08:05 - 0000422 _____ () C:\Users\ronak_000\AppData\Local\LMIR0003.tmp.bat
2016-04-23 08:05 - 2016-04-23 08:05 - 0000347 _____ () C:\Users\ronak_000\AppData\Local\LMIR0003.tmp_r.bat
2016-04-23 08:47 - 2016-04-23 08:47 - 0000369 _____ () C:\Users\ronak_000\AppData\Local\LMIR0004.tmp_r.bat
2016-04-23 10:05 - 2016-04-23 10:05 - 0000369 _____ () C:\Users\ronak_000\AppData\Local\LMIR0005.tmp_r.bat
2015-07-28 14:08 - 2015-01-29 11:14 - 0010240 _____ () C:\Users\ronak_000\AppData\Local\Z@!-03e55542-6305-4337-9fe5-3166f1ad8595.tmp
2015-07-28 14:08 - 2015-01-29 11:14 - 0010240 _____ () C:\Users\ronak_000\AppData\Local\Z@!-dd35e75b-c5be-4ecd-b487-94e7241311e8.tmp
2015-07-28 14:08 - 2015-01-29 11:14 - 0009216 _____ () C:\Users\ronak_000\AppData\Local\Z@S!-fc3979ac-1e8c-4812-97d5-011a72fee527.tmp
2015-12-15 11:08 - 2015-12-15 11:08 - 0000118 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-31 03:37
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by ronak_000 (2016-08-03 23:37:40)
Running from C:\Users\ronak_000\Desktop
Windows 8.1 Pro (Update) (X64) (2015-05-27 18:49:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1956968038-1783308290-1564097226-500 - Administrator - Disabled)
Crawford (S-1-5-21-1956968038-1783308290-1564097226-1006 - Limited - Enabled) => C:\Users\Crawford
Guest (S-1-5-21-1956968038-1783308290-1564097226-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1956968038-1783308290-1564097226-1005 - Limited - Enabled)
ronak_000 (S-1-5-21-1956968038-1783308290-1564097226-1001 - Administrator - Enabled) => C:\Users\ronak_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Batman: Arkham City GOTY (HKLM\...\Steam App 200260) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Carbonite (HKLM-x32\...\{D7D8E032-6C0D-4D12-9F60-5D6F4D4FF20A}) (Version: 5.8.8 build 6212 (Apr-14-2016) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4919 - CyberLink Corp.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Diner Dash - Flo on the Go (HKLM-x32\...\a45b578ce10b48e7ae3cdb09ae69175d) (Version:  - GameHouse)
DIRECTV Player (HKLM-x32\...\{4a5ad61d-1fe9-48b9-87a8-9235f71120f3}) (Version: 12.1 - DIRECTV)
Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
EPSON WF-3530 Series Printer Uninstall (HKLM\...\EPSON WF-3530 Series) (Version:  - SEIKO EPSON Corporation)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version:  - )
Firestorm SecondLife and OpenSim viewer (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{63667a72-ee55-4dac-b231-18e6773104d8}) (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.26.37 - HP)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Jane's Hotel - Family Hero (HKLM-x32\...\bd19093338e4bdb122f0db6c2b4011bd) (Version:  - GameHouse)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nanny Mania (HKLM-x32\...\d7c42bdcccacb1cc86bdbedba2c75cf3) (Version:  - GameHouse)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Posh Boutique (HKLM-x32\...\f720c0015c3e42a51b9dae57a15bfc97) (Version:  - GameHouse)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.3.0.92 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version:  - The SKSE Team)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.) Hidden
Spotify (HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR (HKLM\...\Steam App 250820) (Version:  - )
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {110805F5-E9A2-4B05-A5ED-A29A9DA47A38} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-07-08] (Apple Inc.)
Task: {275D1A1C-DEC8-457B-A753-B121C9002BC7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
Task: {2BCB4427-7EE2-4CD7-A7A2-97E501D6425D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {324BB04A-FE1D-4C51-B575-D3E39587AA7A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {3D3D9FB6-51A4-4CB3-817D-EE1EFF9E195C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {3DBE7285-4D0E-4484-9BD3-DD6AC3F58AB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {3F3DBA93-638F-4D4B-8B38-04114D50582F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-18] (Dropbox, Inc.)
Task: {56D8B172-49B7-4C66-ABA1-0BB9E2AB7BEC} - System32\Tasks\HPCeeScheduleForronak_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {70C060D6-AEFD-457D-BF02-B31895CFAF91} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {7EC902CE-97D8-42E3-A0A2-AE0640E266B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-07-06] (HP Inc.)
Task: {7FFBE3DE-E73B-466F-829A-430F40B447B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8B9501B7-AC88-4ADA-A356-179609B821A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {B28D2963-980A-4531-9098-3687BF60E972} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {B81A9ACB-0D3A-40F0-A5D0-BF88890471EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-14] (Microsoft Corporation)
Task: {C1E997CE-B0EE-4C52-A3C5-84683AE45689} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {CFDD70CD-C578-4927-AF84-1A54280E52E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-06-28] (HP Inc.)
Task: {D6A9A48B-ADBB-4AF3-B00F-D0AD30AB9F49} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
Task: {DE4365B9-DA18-408C-8F94-7BA1BEE61455} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {DF1AE570-9E05-4F63-BADB-DC509FD2426B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {F8E47B62-BC5F-445B-AAFA-7E61460F3369} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {FFA34EEB-D351-4A24-885F-6EAD64765B8A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-18] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForronak_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 01384168 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-03 17:25 - 2016-03-29 21:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-27 02:34 - 2016-07-18 22:26 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libglesv2.dll
2016-07-27 02:34 - 2016-07-18 22:25 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libegl.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 11423968 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\PCShowServer.dll
2016-02-14 09:15 - 2016-02-14 09:15 - 00340192 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\ndsLogStore.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 03301088 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\DrmSingleton.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 02100968 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 08346848 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\gsttspplugin.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 00689904 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2016-02-14 09:15 - 2016-02-14 09:15 - 01404128 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\libxml2-2.dll
2016-02-14 09:15 - 2016-02-14 09:15 - 00092880 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\z.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2016-04-22 10:46 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CarboniteService => 2
MSCONFIG\Services: CLKMSVC10_99E320F5 => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: ogmservice => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\StartupApproved\Run: => "Amazon Music"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8157AAAA-97E1-464C-8095-B53D88FED2B4}] => (Allow) C:\Users\ronak_000\AppData\Local\Temp\7zS7181.tmp\SymNRT.exe
FirewallRules: [{93C36DC8-1835-48EB-828C-DF3CC009298A}] => (Allow) C:\Users\ronak_000\AppData\Local\Temp\7zS7181.tmp\SymNRT.exe
FirewallRules: [{5F71C5F5-590B-4F69-BCA9-781451FF1207}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{293A3CA3-18C7-4240-A3F4-39B216963234}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{99FA3A36-5042-477E-A078-F6848B238FDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1FEFFD5-CA98-4575-9F1E-29BCDBFF6474}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{757DB812-959E-46B8-A7BD-92B816FC0E0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C42B3F3-C27A-48E6-ABDF-C7CF82AB8220}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0EF210F-6F48-47B1-8F69-28EE6A004A06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1D5AD19B-88F2-4498-B5FC-F243A4138C51}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{6BE89EE2-F548-468A-A22D-F977611C683C}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{3A3AFD21-74DA-4131-9A42-0F11E74BDA90}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{594C2FB3-F001-4417-BBBC-4D3E7CC23159}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B47C1FBE-AE6E-4436-BA66-08504CABCB8A}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EB4D2FE7-3302-41F8-B8DD-442B6B26F294}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{836333C5-9BA3-4BB5-885C-2A78057BE08A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1F0F053F-3339-41E1-AA75-6D5ED3AAF3C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{95EE3C5D-A021-48D5-8C8C-7C83E994C065}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7D06952C-0CF5-422C-A30A-0316F237C567}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A8A3B5E7-7876-4730-A2D0-74C7547DB2D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E7F9CEA8-9300-4427-A3EA-05F282A4749A}C:\program files\firestorm-releasex64\slplugin.exe] => (Allow) C:\program files\firestorm-releasex64\slplugin.exe
FirewallRules: [UDP Query User{200EF843-4A5A-4B02-B950-5D44F95393BE}C:\program files\firestorm-releasex64\slplugin.exe] => (Allow) C:\program files\firestorm-releasex64\slplugin.exe
FirewallRules: [{D4A07A6D-F6B3-4E19-9B66-800476EA3C7E}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{86905469-4A07-4BEF-93ED-4466A7D4AC20}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{B33391AA-12E0-421E-8FFC-85235FEFAEA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4D4CEF3A-C33B-4C8E-9028-BABC3F7FB97D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{15F31C94-1399-4275-8858-141B158BF12A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DFE73CDB-D284-4F88-A83B-1272ED134563}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{1E71C61B-BE53-4D3D-A880-6A2948CB1C0E}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{46A3A166-7EB5-489F-80B4-3DB182C76F0C}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [TCP Query User{BD81A2B8-DEFF-4920-B398-3DF08AE5A0F1}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EC86DA32-5403-4D02-981B-21132C5926D3}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3105D0EA-441F-4FA5-B159-3B2A45277C3E}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [UDP Query User{B4D09259-BF51-47F0-870E-DBEF8B9BB410}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [{1F5A9E5B-8057-47E6-B607-DAB1090DB57B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B6057D98-A5E0-4F1B-982E-7E6BED75F81C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{EDFB85D2-02BE-40BA-807F-40E122907ECD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{31598185-8E3B-4C9B-AE2B-6C8249428E5E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{DE1F7086-66C7-415A-94CB-DDAF7E9048D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F189E0D2-7FF8-43FA-A3CA-44B461CD6ACA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{6B3B5780-56D1-4F4A-8062-F938D26915A2}C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{2CE52D76-F89D-4546-8DE8-2C82C41FA74C}C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{919E712E-2996-447E-8BCA-97310265A5BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A95CEC03-EB8A-485B-8C2F-BBB79799A89E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CC0BADD4-B170-47ED-B4D5-AEAAF3EF5AF3}C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{D8891863-155D-4A0B-87E4-3F791C5DF03D}C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{E1DAFB1B-B829-4B64-AFF2-70F072622B65}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{76FCA432-2AFA-48DE-B0F5-D96E7833449A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3AA7009-7478-45E0-87B7-DA1919ED095A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB3DACCF-7368-41BE-B499-C61E35E0F696}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99AD02F4-F19C-437F-98C4-8E76CACD6E2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{D1DEC1E3-928C-4B42-8D40-F3E0FB9B5304}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{762FCCB7-87DE-49E2-8D48-B22FDF30AB33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{407AE669-729B-415B-A2C3-81B39120848A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{F07A042B-1E6B-4E74-8E1D-9A6EEA755148}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{D9424538-5944-43B6-989D-AD61847ABA0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{A0A46BE4-7037-4EC7-9890-6648B1832518}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{41C527B6-5FC2-4EF0-86AE-E543F8E6111A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4278F433-70B0-4510-8F4E-2352E78E3776}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E052ACA2-84FD-4EFF-923E-9A2A7208DE27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C07AAB49-D02E-4D76-9448-D76842B1A712}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{52CC54F2-5849-4D88-96C9-34E2EA9F95B1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4FE5A6D2-ABCE-44DA-B8B7-B71F389D8C83}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{37B807AF-697E-4CC3-B8D7-CA4D51FDCF6D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{952E877C-6695-45B4-80FD-23FBC308D133}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E16FA1E9-DEDC-4E26-B91D-3B039E04BA80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C3CD714-B147-4C94-965C-45033FE13AB0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CEB595B6-2A43-43B3-B4A7-392EF4240224}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
14-07-2016 18:31:05 Windows Update
22-07-2016 03:32:23 Scheduled Checkpoint
24-07-2016 01:32:16 Installed DirectX
27-07-2016 23:25:06 Installed DirectX
30-07-2016 13:08:05 Installed iTunes
30-07-2016 14:04:15 Installed iCloud
01-08-2016 21:03:54 Configured Microsoft Office Professional Plus 2013
01-08-2016 21:04:00 PROPLUSR
01-08-2016 22:32:13 Configured Microsoft Office Professional Plus 2013
01-08-2016 22:32:20 PROPLUSR
02-08-2016 09:37:06 Configured Microsoft Office Professional Plus 2013
02-08-2016 09:37:13 PROPLUSR
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/03/2016 09:53:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{d23c0be9-358c-4b41-a459-bec8f9c1d102}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (08/03/2016 09:53:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{17b23e46-c53e-4075-884d-0046068444ed}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (08/03/2016 09:53:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{75b4be64-2eef-4e12-b252-e149285cedcd}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (08/03/2016 09:53:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (08/03/2016 04:50:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250
 
Error: (08/03/2016 04:50:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250
 
Error: (08/03/2016 04:50:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/03/2016 04:48:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{d23c0be9-358c-4b41-a459-bec8f9c1d102}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (08/03/2016 04:48:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{17b23e46-c53e-4075-884d-0046068444ed}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (08/03/2016 04:48:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{75b4be64-2eef-4e12-b252-e149285cedcd}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
 
 
System errors:
=============
Error: (08/02/2016 03:33:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:32:14 PM on ‎8/‎2/‎2016 was unexpected.
 
Error: (08/02/2016 03:13:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:12:18 PM on ‎8/‎2/‎2016 was unexpected.
 
Error: (08/01/2016 08:59:48 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (08/01/2016 08:59:45 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/01/2016 08:59:39 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (08/01/2016 08:59:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
Error: (08/01/2016 08:59:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
Error: (08/01/2016 08:57:04 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/01/2016 08:55:21 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/01/2016 08:55:21 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
CodeIntegrity:
===================================
  Date: 2016-08-03 23:35:28.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-03 23:35:28.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-03 23:35:28.486
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-03 23:35:28.314
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-03 23:35:28.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-03 23:35:27.845
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-03 23:35:27.658
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-03 23:35:27.486
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-03 23:35:27.314
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-03 23:35:27.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 30%
Total physical RAM: 10178.13 MB
Available physical RAM: 7044.53 MB
Total Virtual: 11394.13 MB
Available Virtual: 7333.12 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:217.21 GB) (Free:12.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.57 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DATA STORAGE) (Fixed) (Total:931.26 GB) (Free:827.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2201E60A)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B97F44D5)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 

 


  • 0

Advertisements

#2
RKinner
Posted 05 August 2016 - 10:22 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Open an elevated command prompt:
 
 
 
If you open an elevated command prompt it will by default open in c:\Windows\system32
 
Once you have an elevated command prompt:
 
Now Type(with an Enter after each line):
 
 DISM  /Online  /Cleanup-Image  /RestoreHealth
 
 (I use two spaces so you can be sure to see where one space goes.)
This will take a while to complete.  Once the prompt returns:
 
Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 
sfc  /scannow
 
 
 
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
 
After you finish SFC, regardless of the result:
 
 
reboot
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
Run Process Explorer as before and post the log.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 

  • 0

#3
queendom
Posted 06 August 2016 - 04:36 AM

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Thanks, RKinner!!!

 

Update: No longer have the mouse issue. Figured out it was the mousepad. I've used the same one for months but seems coincidental that this trouble started the same day as the virus.

 

SFC scan result: Windows did not find any integrity violations

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 06/08/2016 6:34:45 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/08/2016 7:33:07 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 02/08/2016 7:13:03 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 31/07/2016 7:48:51 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 31/07/2016 7:22:27 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 30/07/2016 5:21:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 21/07/2016 6:28:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/06/2016 8:34:01 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/06/2016 8:24:39 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 04/06/2016 6:30:33 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 02/05/2016 1:46:21 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 22/04/2016 2:46:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/08/2016 9:39:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 05/08/2016 9:39:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 05/08/2016 9:39:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 05/08/2016 9:39:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 05/08/2016 9:39:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 05/08/2016 9:39:03 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 9:38:57 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Log: 'System' Date/Time: 05/08/2016 9:38:57 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 05/08/2016 9:38:57 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 05/08/2016 9:33:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 9:23:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 9:13:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 9:03:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 8:53:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 8:43:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 8:33:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 8:23:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 8:13:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 8:03:37 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 05/08/2016 7:53:36 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/08/2016 10:32:55 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/08/2016 10:32:54 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 06/08/2016 10:32:46 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 06/08/2016 10:32:46 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 06/08/2016 10:19:11 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/08/2016 10:19:06 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 06/08/2016 10:18:57 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 06/08/2016 10:18:57 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 06/08/2016 10:18:46 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/08/2016 9:34:13 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.attlocal.net. timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/08/2016 9:34:10 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 06/08/2016 9:34:09 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/08/2016 9:34:01 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 06/08/2016 9:34:01 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 05/08/2016 12:13:18 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 05/08/2016 12:12:37 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 05/08/2016 8:18:31 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 05/08/2016 8:18:24 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 05/08/2016 3:43:54 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 05/08/2016 3:43:49 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
 
 
 
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 06/08/2016 6:36:44 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/08/2016 10:33:08 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Unexpected conflict discarding   20 C.A.E.8.D.F.C.F.9.C.B.9.4.D.5.C.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR HerPandora-2.local.
 
Log: 'Application' Date/Time: 06/08/2016 10:33:08 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Received from 192.168.1.64:5353   18 C.A.E.8.D.F.C.F.9.C.B.9.4.D.5.C.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR HerPandora.local.
 
Log: 'Application' Date/Time: 06/08/2016 10:33:08 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Unexpected conflict discarding   20 64.1.168.192.in-addr.arpa. PTR HerPandora-2.local.
 
Log: 'Application' Date/Time: 06/08/2016 10:33:08 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Received from 192.168.1.64:5353   18 64.1.168.192.in-addr.arpa. PTR HerPandora.local.
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Local Hostname HerPandora.local already in use; will try HerPandora-2.local instead
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: ProbeCount 1; will deregister   16 HerPandora.local. AAAA FE80:0000:0000:0000:C5D4:9BC9:FCFD:8EAC
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Received from 192.168.1.64:5353   16 HerPandora.local. AAAA 2602:0306:3AAA:4450:C5D4:9BC9:FCFD:8EAC
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
mDNSCoreReceiveResponse: Ignoring response received before we even began probing:    4 HerPandora.local. Addr 192.168.1.64
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Our Record 2 won:  8DD8879E   16 HerPandora.local. AAAA FE80:0000:0000:0000:C5D4:9BC9:FCFD:8EAC
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Pkt Record:        7F293A7F   16 HerPandora.local. AAAA 2602:0306:3AAA:4450:E1D5:B120:56EA:7DFB
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Our Record 2 won:  8DD8879E   16 HerPandora.local. AAAA FE80:0000:0000:0000:C5D4:9BC9:FCFD:8EAC
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Pkt Record:        7D6886C7   16 HerPandora.local. AAAA 2602:0306:3AAA:4450:C5D4:9BC9:FCFD:8EAC
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Our Record 3 lost: 00303400    4 HerPandora.local. Addr 192.168.1.64
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Pkt Record:        7D6886C7   16 HerPandora.local. AAAA 2602:0306:3AAA:4450:C5D4:9BC9:FCFD:8EAC
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Our Record 2 won:  8DD8879E   16 HerPandora.local. AAAA FE80:0000:0000:0000:C5D4:9BC9:FCFD:8EAC
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Pkt Record:        7F293A7F   16 HerPandora.local. AAAA 2602:0306:3AAA:4450:E1D5:B120:56EA:7DFB
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Our Record 2 won:  8DD8879E   16 HerPandora.local. AAAA FE80:0000:0000:0000:C5D4:9BC9:FCFD:8EAC
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Pkt Record:        7D6886C7   16 HerPandora.local. AAAA 2602:0306:3AAA:4450:C5D4:9BC9:FCFD:8EAC
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Our Record 3 lost: 00303400    4 HerPandora.local. Addr 192.168.1.64
 
Log: 'Application' Date/Time: 06/08/2016 10:33:06 AM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
ResolveSimultaneousProbe: 000000000167ADC0 Pkt Record:        7D6886C7   16 HerPandora.local. AAAA 2602:0306:3AAA:4450:C5D4:9BC9:FCFD:8EAC
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2016 9:39:05 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 05/08/2016 9:39:05 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 05/08/2016 12:13:32 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 05/08/2016 3:43:26 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 05/08/2016 3:43:26 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 05/08/2016 3:13:53 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 05/08/2016 1:46:15 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <ONEINDEX15://{S-1-5-21-1956968038-1783308290-1564097226-1001}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
(HRESULT : 0x80004005) (0x80004005)
 
 
Log: 'Application' Date/Time: 04/08/2016 1:44:08 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <ONEINDEX15://{S-1-5-21-1956968038-1783308290-1564097226-1001}/>.
 
Context:  Application, SystemIndex Catalog
 
Details:
(HRESULT : 0x80004005) (0x80004005)
 
 
Log: 'Application' Date/Time: 03/08/2016 7:21:56 AM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
 
Log: 'Application' Date/Time: 03/08/2016 6:29:49 AM
Type: Warning Category: 0
Event: 866 Source: Microsoft-Windows-SoftwareRestrictionPolicies
Access to C:\Users\ronak_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe has been restricted by your Administrator by location with policy rule {1A4B2724-8B23-4972-BE64-C8076BB6386B} placed on path C:\Users\ronak_000\AppData\Roaming\*\*.exe.
 
Log: 'Application' Date/Time: 03/08/2016 6:29:49 AM
Type: Warning Category: 0
Event: 866 Source: Microsoft-Windows-SoftwareRestrictionPolicies
Access to C:\Users\ronak_000\AppData\Roaming\Spotify\SpotifyCrashService.exe has been restricted by your Administrator by location with policy rule {1A4B2724-8B23-4972-BE64-C8076BB6386B} placed on path C:\Users\ronak_000\AppData\Roaming\*\*.exe.
 
Log: 'Application' Date/Time: 02/08/2016 1:38:10 PM
Type: Warning Category: 0
Event: 8303 Source: Microsoft-Windows-System-Restore
Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy12 with error 0x80070057.
 
Log: 'Application' Date/Time: 02/08/2016 1:37:57 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0
 
Log: 'Application' Date/Time: 02/08/2016 1:37:57 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0
 
Log: 'Application' Date/Time: 02/08/2016 1:37:57 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0
 
Log: 'Application' Date/Time: 02/08/2016 1:37:54 PM
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Microsoft Office Professional Plus 2013. The application tried to modify a protected Windows registry key \msinkdiv.InkDivider.1.
 
Log: 'Application' Date/Time: 02/08/2016 1:37:54 PM
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Microsoft Office Professional Plus 2013. The application tried to modify a protected Windows registry key \msinkdiv.InkDivider\CurVer.
 
Log: 'Application' Date/Time: 02/08/2016 1:37:54 PM
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Microsoft Office Professional Plus 2013. The application tried to modify a protected Windows registry key \msinkdiv.InkDivider\CLSID.
 
Log: 'Application' Date/Time: 02/08/2016 1:37:54 PM
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Microsoft Office Professional Plus 2013. The application tried to modify a protected Windows registry key \msinkdiv.InkDivider.
 
Log: 'Application' Date/Time: 02/08/2016 1:37:54 PM
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Microsoft Office Professional Plus 2013. The application tried to modify a protected Windows registry key \msinkdiv.InkDivider.1\CLSID.
 
 
 
 
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 98.01 0 K 4 K 0
procexp64.exe 0.68 27,368 K 56,932 K 4464 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.27 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.25 37,808 K 25,864 K 892
CarboniteService.exe 0.24 14,304 K 25,328 K 1560 Carbonite Secure Backup Engine Carbonite, Inc. (www.carbonite.com) (Verified) Carbonite
SetPoint.exe 0.16 21,924 K 36,024 K 6912 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. (Verified) Logitech Inc
System 0.11 204 K 432 K 4
mbam.exe 0.07 32,544 K 52,952 K 2728
csrss.exe 0.03 2,812 K 7,596 K 596
CarboniteUI.exe 0.03 10,776 K 28,180 K 7756 Carbonite User Interface Carbonite, Inc. (Verified) Carbonite
explorer.exe 0.03 80,460 K 120,968 K 2760 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 0.03 160,772 K 140,156 K 2036 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe 0.02 88,956 K 103,668 K 4080 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.02 84,156 K 135,072 K 5464 Google Chrome Google Inc. (Verified) Google Inc
stickies.exe 0.02 5,656 K 15,660 K 8160 Stickies 8.0c Zhorn Software (No signature was present in the subject) Zhorn Software
AppleMobileDeviceService.exe 0.01 3,024 K 9,996 K 1476 MobileDeviceService Apple Inc. (Verified) Apple Inc.
TeamViewer_Service.exe < 0.01 6,356 K 16,324 K 1940 TeamViewer 11 TeamViewer GmbH (Verified) TeamViewer
spoolsv.exe < 0.01 8,280 K 18,008 K 1220 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
KHALMNPR.exe < 0.01 3,536 K 10,444 K 4992 Logitech KHAL Main Process Logitech, Inc. (Verified) Logitech
dllhost.exe < 0.01 4,132 K 9,524 K 2500 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
E_YATIJIE.EXE < 0.01 2,928 K 9,168 K 6392 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
NDSPCShowServer.exe < 0.01 78,904 K 21,500 K 6280 (Verified) DIRECTV
svchost.exe < 0.01 4,944 K 9,172 K 788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
tv_w32.exe < 0.01 1,116 K 5,024 K 5300
tv_x64.exe < 0.01 1,180 K 4,792 K 5572
HPSA_Service.exe < 0.01 27,928 K 22,544 K 7712 HP Support Assistant Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
svchost.exe < 0.01 30,712 K 43,028 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
PCShowServerPMWrapper.exe < 0.01 2,036 K 7,496 K 6388 PC Show power management wrapper Cisco (Verified) DIRECTV
stacsv64.exe < 0.01 4,960 K 8,688 K 512 IDT PC Audio IDT, Inc. (No signature was present in the subject) IDT, Inc.
svchost.exe < 0.01 9,336 K 18,144 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
wmpnetwk.exe 6,360 K 19,288 K 1628 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,484 K 6,648 K 6208
WmiPrvSE.exe 2,060 K 6,312 K 7460
winlogon.exe 1,652 K 8,472 K 640
wininit.exe 892 K 3,848 K 588
TeamViewer.exe 12,256 K 29,476 K 5560 TeamViewer 11 TeamViewer GmbH (Verified) TeamViewer
taskhostex.exe 2,748 K 8,764 K 5900 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,220 K 23,036 K 1272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,976 K 11,072 K 1908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,408 K 12,024 K 760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19,720 K 29,072 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,756 K 15,688 K 732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 20,064 K 32,012 K 396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,288 K 13,060 K 3836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,532 K 7,908 K 1460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,796 K 10,600 K 1616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,560 K 8,496 K 4856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sttray64.exe 3,348 K 9,764 K 5556 IDT PC Audio IDT, Inc. (No signature was present in the subject) IDT, Inc.
smss.exe 276 K 1,016 K 344
SkyDrive.exe 12,976 K 15,160 K 4052 OneDrive Sync Engine Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 8,932 K 9,436 K 5828 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,592 K 6,940 K 684
SearchIndexer.exe 34,524 K 36,616 K 3672 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 2,472 K 8,180 K 220 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
ONENOTEM.EXE 1,392 K 972 K 7484 Send to OneNote Tool Microsoft Corporation (Verified) Microsoft Corporation
NvBackend.exe 13,832 K 21,128 K 6016 NVIDIA Backend NVIDIA Corporation (Verified) NVIDIA Corporation
NisSrv.exe 12,904 K 9,240 K 3664 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 3,312 K 9,312 K 7412
mDNSResponder.exe 1,512 K 4,932 K 1540 Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamservice.exe 318,600 K 186,696 K 1772 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
mbamscheduler.exe 4,356 K 10,004 K 1644 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
lsass.exe 10,536 K 17,596 K 692 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
jusched.exe 1,292 K 5,644 K 7632 Java Update Scheduler Oracle Corporation (Verified) Oracle America
GoogleCrashHandler64.exe 1,312 K 460 K 6580
GoogleCrashHandler.exe 1,360 K 476 K 5468
escsvc64.exe 1,252 K 4,900 K 1036 Epson Scanner Service (64bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
Dropbox.exe 90,988 K 118,892 K 7820 Dropbox Dropbox, Inc. (Verified) Dropbox
dllhost.exe 1,776 K 6,272 K 724 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 4,868 K 13,308 K 1652
csrss.exe 1,772 K 3,976 K 516
conhost.exe 828 K 3,444 K 6552 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
ClassicStartMenu.exe 2,924 K 9,260 K 2804 Classic Start Menu IvoSoft (A certificate was explicitly revoked by its issuer) IvoSoft
chrome.exe 87,016 K 106,408 K 7936 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,572 K 23,116 K 6296 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 56,548 K 57,808 K 6260 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 30,240 K 40,160 K 4948 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 60,012 K 62,688 K 6332 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 26,804 K 29,460 K 6372 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 67,112 K 66,144 K 6528 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,072 K 25,892 K 6200 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,376 K 4,604 K 5408 Google Chrome Google Inc. (Verified) Google Inc
Beats64.exe 1,456 K 6,040 K 5704 HP Beats Hewlett-Packard (Verified) Integrated Device Technology Inc.
audiodg.exe 6,564 K 9,980 K 5076
armsvc.exe 1,044 K 4,132 K 1440 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
 
 

Edited by queendom, 06 August 2016 - 04:41 AM.

  • 0

#4
RKinner
Posted 06 August 2016 - 08:55 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Your errors show a problem with the network adapter.

 

Look on your PC maker's website for new network adapter drivers.  If you find some try to download and install them.  

 

If they say they are already installed then:

 

Search for

 

device manager

 

and hit Enter

 

This should open a new window.  Look in the right pane for Network Adapters  (You may have to click on the arrow in fron of Network Adapters to see the drivers under it)

 

Right click on each driver and uninstall.

 

Once you have done them all then reboot.  Windows will detect the adapters and reinstall the drivers.  Sometimes this will fix problems with corrupt drivers.

 

I would also look for a new Video driver since the file that your A-V removed may have been a false positive.

 

I would uninstall Bonjour as it is causing errors.  You usually get a new version when you update Apple products.

 

Clear the alarms:

 

To Clear the logs:
 
Copy the next line:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
Windows key + x and choose Command Line (Admin)  (There are two so make sure you get the admin one)
If you do not have a Windows Key then:
 
Right click in the Command Window and  Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.
 
When the prompt returns, reboot.
 
Run VEW again as before and post the logs

  • 0

#5
queendom
Posted 08 August 2016 - 07:36 PM

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

I updated the network adapter and uninstalled Bonjour. I am still investigating alternative graphics drivers, so for now, I just reinstalled the one I had. I'm working on reporting the "trojan" as a false positive with Malwarebytes. Thanks for the heads up!!

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/08/2016 9:32:13 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/08/2016 1:20:46 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the file specified.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/08/2016 1:18:50 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.attlocal.net. timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/08/2016 1:18:44 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 09/08/2016 1:18:43 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/08/2016 1:18:35 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 09/08/2016 1:18:35 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 09/08/2016 1:18:20 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
 
 
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/08/2016 9:35:55 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#6
RKinner
Posted 08 August 2016 - 08:13 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Log: 'System' Date/Time: 09/08/2016 1:18:43 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 

 

 

Open IE, Tools (the gear), Internet Options, Connections, Lan Settings.  Uncheck everything.  OK

 

 
Log: 'System' Date/Time: 09/08/2016 1:20:46 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error:  The system cannot find the file specified.

 

 

 

 

Uninstall HP Support Assistant Service.  If you need it get a newe version from HP.
 
Log: 'System' Date/Time: 09/08/2016 1:18:44 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.micro...om/kb/197571formore information.
 

 

 

Download and Save the attached winlogon.zip.  Right click on it and Extract All, Extract.  Right click on winlogon.reg and Merge.
 
We are still getting these even with the new network drivers:
 
Log: 'System' Date/Time: 09/08/2016 1:18:35 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

 

 

Let's try a tcp reset:
 
Copy the next line:
netsh int ip reset c:\resetlog.txt

Open an Elevated Command Prompt:

 
 
 
Right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.
 
Reboot.
 
Run VEW again.  This time we just need the System log.

 

 
 
 
 
 

  • 0

#7
queendom
Posted 11 August 2016 - 12:23 AM

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/08/2016 2:21:16 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/08/2016 9:10:58 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
 
Log: 'System' Date/Time: 10/08/2016 9:10:58 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/08/2016 9:10:47 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Log: 'System' Date/Time: 10/08/2016 9:10:31 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/08/2016 6:14:02 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/08/2016 6:13:54 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 11/08/2016 6:13:54 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 11/08/2016 6:13:42 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/08/2016 6:02:11 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/08/2016 5:55:55 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 11/08/2016 5:55:53 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/08/2016 5:55:46 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 11/08/2016 5:55:46 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 11/08/2016 5:54:33 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/08/2016 5:54:23 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 11/08/2016 5:54:23 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 11/08/2016 5:14:40 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/08/2016 5:14:38 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 11/08/2016 5:14:30 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 11/08/2016 5:14:30 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 11/08/2016 4:34:34 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 11/08/2016 4:34:34 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/08/2016 4:34:25 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 11/08/2016 4:34:25 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

  • 0

#8
RKinner
Posted 11 August 2016 - 08:49 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I guess that method of clearing the logs only works on Win 8 & 10.  Is there a reason it's in Safe Mode?

 

 

 

 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
 
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

  • 0

#9
queendom
Posted 12 August 2016 - 03:58 AM

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Strange. It's showing that I'm in safe mode? I only used safe mode while trying to troubleshoot prior to posting here. Not currently using. The mouse problem also returned. Regardless of what base (table, mousepad, etc.) I use, the mouse moves extremely slowly.

 

Not sure if it matters, but I originally had 2 network adapters listed in Device Manager:

  • Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
  • Ralink RT5390R 802.11bgn Wi-Fi Adapter

 

Now I also have:

  • WAN Miniport (IKEv2)
  • WAN Miniport (IP)
  • WAN Miniport (IPv6)
  • WAN Miniport (L2TP)
  • WAN Miniport (Network Monitor)
  • WAN Miniport (PPPOE)
  • WAN Miniport (PPTP)
  • WAN Miniport (SSTP)

 

Thanks again, RKinner!!

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 12/08/2016 5:51:26 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/08/2016 9:49:55 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 12/08/2016 9:49:55 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 12/08/2016 9:49:42 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.

Edited by queendom, 12 August 2016 - 04:20 AM.

  • 0

#10
RKinner
Posted 12 August 2016 - 07:41 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

These:
 

 

  • WAN Miniport (IKEv2)
  • WAN Miniport (IP)
  • WAN Miniport (IPv6)
  • WAN Miniport (L2TP)
  • WAN Miniport (Network Monitor)
  • WAN Miniport (PPPOE)
  • WAN Miniport (PPTP)
  • WAN Miniport (SSTP
 
 
are normal but you won't see them unless you do View, Show Hidden Devices.
 
error "1084"

 

 
 
ERROR_NOT_SAFEBOOT_SERVICE
1084 (0x43C)
This service cannot be started in Safe Mode.
 
 
I'm wondering if the fact you have WinPcap 4.1.3  disabled in msconfig is causing these:
 
Log: 'System' Date/Time: 12/08/2016 9:49:55 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 12/08/2016 9:49:55 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

 

 

Go back into msconfig and under Services, check: rpcapd then Apply and Reboot.  Then run VEW for System again.


  • 0

Advertisements

#11
queendom
Posted 12 August 2016 - 08:40 PM

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

That's the strange thing. Show Hidden Devices is disabled. When I enable, the following also appear:

  • Microsoft ISATAP Adapter
  • Microsoft ISATAP Adapter #2 
  • Microsoft Kernel Debug Network Adapter 
  • Microsoft Wi-Fi Direct Virtual Adapter
  • Microsoft Wi-Fi Direct Virtual Adapter #2 
  • Microsoft Wi-Fi Direct Virtual Adapter #3
  • RAS Async Adapter
  • Teredo Tunneling Pseudo-Interface

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 12/08/2016 10:39:09 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/08/2016 2:37:41 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 13/08/2016 2:37:34 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 13/08/2016 2:37:34 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

  • 0

#12
RKinner
Posted 12 August 2016 - 11:22 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Sort of odd.  On mine I only see the two network adapter until I do View, Show Hidden then I get the rest of the gang.

 

Let's get a speccy log so we can see which adapter it is talking about

 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
Uninstall Speccy

  • 0

#13
queendom
Posted 13 August 2016 - 06:15 AM

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Got it! Attached here.

Attached Files

  • Attached File  Spec.txt   384.15KB   451 downloads

Edited by queendom, 13 August 2016 - 06:16 AM.

  • 0

#14
RKinner
Posted 13 August 2016 - 08:16 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

It's the Ralink RT5390R 802.11bgn Wi-Fi Adapter

 

First uninstall WinPcap 4.1.3 

 

(Why do you have it anyway?)  You can reinstall it after we are done.

 

Then reboot.

 

Run VEW for System again.  Let's see if that was it.  If not then Look on your PC maker's website for a new networkr driver for  the Ralink RT5390R 802.11bgn Wi-Fi Adapter

 

I found this one:

 

ftp://ftp.hp.com/pub/softpaq/sp71501-72000/sp71571​.exe

 

Says it's for your RaLink and works on WIn 10.


  • 0

#15
queendom
Posted 13 August 2016 - 09:10 PM

queendom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

After installing the driver above, wireless was disabled. I was only given access to plug in the ethernet. In Device Manager, it showed RaLink's software was causing an error/incompatibility. So I tried the Mediatek adapter HP Support Assist recommended. Kept failing to install initially, then finally showed successful, but the errors persist. 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 13/08/2016 11:05:25 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/08/2016 3:04:51 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 14/08/2016 3:04:51 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 14/08/2016 3:03:03 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.attlocal.net timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 14/08/2016 3:02:57 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 14/08/2016 3:02:57 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 14/08/2016 3:02:56 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 14/08/2016 3:02:56 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 14/08/2016 1:46:38 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 14/08/2016 1:46:38 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 13/08/2016 4:22:20 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 13/08/2016 4:22:20 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 13/08/2016 4:18:50 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 13/08/2016 4:18:50 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 13/08/2016 4:18:49 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 13/08/2016 4:18:49 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address B8-76-3F-4B-BE-56 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 13/08/2016 4:15:58 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\netr28x failed to load for the device PCI\VEN_1814&DEV_539B&SUBSYS_18ED103C&REV_00\4&131a977f&0&00E4.
 
Log: 'System' Date/Time: 13/08/2016 4:15:54 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\netr28x failed to load for the device PCI\VEN_1814&DEV_539B&SUBSYS_18ED103C&REV_00\4&131a977f&0&00E4.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP