Thanks for your help!! My computer was infected with Trojan.Reconyc. Malwarebytes located and quarantined the infection last weekend. (As retrieved from the quarantine logs, Vendor: Trojan.Reconyc / Type: File / Location: C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience\7z.exe). Even after the quarantine, the computer continues to run slower than usual. Also, the computer mouse is extremely slow, although I have not made any recent hardware or software changes. To fix this, I tried uninstalling/reinstalling my keyboard/mouse software and changing the batteries but still no change.
At one point, the computer would not fully load; I was only able to see the mouse pointer and a black screen. I ran ctrl-alt-del and noticed a running process called "Run Once." Once I terminated this process, the black screen went away and the desktop then loaded. Haven't had that problem since but thought you should know.
I believe that I acquired the infection while browsing websites. Didn't purposely download anything but noticed issues around that time.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by ronak_000 (administrator) on HERPANDORA (03-08-2016 23:37:23)
Running from C:\Users\ronak_000\Desktop
Loaded Profiles: ronak_000 (Available Profiles: ronak_000 & Crawford)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Cisco) C:\Users\ronak_000\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJIE.EXE
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Users\ronak_000\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-07-05] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1112760 2016-04-14] (Carbonite, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\ronak_000\AppData\Roaming\Spotify\Spotify.exe <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [Spotify Web Helper] => C:\Users\ronak_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-14] (Spotify Ltd)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [Amazon Music] => C:\Users\ronak_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-14] ()
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [PCShowServer] => C:\Users\ronak_000\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632504 2016-02-14] (Cisco)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJIE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJIE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-04-22]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-04-22]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (No File)
Startup: C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2015-05-27]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1956968038-1783308290-1564097226-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CE5EC543-607A-4404-846A-D8DCA026C6FC}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> DefaultScope {A0FC28FF-BFAC-43DD-8EDD-FB9BEBECB38B} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {A0FC28FF-BFAC-43DD-8EDD-FB9BEBECB38B} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> {F101994A-BBD4-4681-80A6-767B757D6E7C} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-04-22] (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: AmazonPriceWatch.BHOClass -> {19810130-E5A5-4217-B937-19800508B4CD} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-04-22] (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-04-22] (LastPass)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-04-22] (LastPass)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Toolbar: HKU\S-1-5-21-1956968038-1783308290-1564097226-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-18] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-22] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-04-22] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\extensions\
[email protected] [2016-04-25]
FF Extension: WOT - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-25]
FF Extension: Amazon Price Tracker - Keepa.com - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\extensions\
[email protected] [2016-05-01]
FF Extension: Add to Amazon Wish List Button - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\extensions\
[email protected] [2016-06-04]
FF Extension: Open in IE - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\Extensions\
[email protected] [2016-04-26]
FF Extension: Adblock Plus - C:\Users\ronak_000\AppData\Roaming\Mozilla\Firefox\Profiles\gkp2hgxw.default-1461624712586\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-07-31] [not signed]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.qvc.com/Sweepstakes.content.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=dss_yset_chr__PARAM__
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-27]
CHR Extension: (Yahoo Web) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-02-05]
CHR Extension: (Google Docs) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (PriceBlink) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2016-07-15]
CHR Extension: (Google Drive) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-02]
CHR Extension: (Google Search) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-05-27]
CHR Extension: (Google Sheets) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-27]
CHR Extension: (Google Docs Offline) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-08-02]
CHR Extension: (Rating Program Extension) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbankdmoclhcdmdejkklikkpaidaeij [2016-07-21]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2016-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-07-19]
CHR Extension: (Gmail) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\ronak_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-30]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-09-27] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-27] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-27] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-18] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
S4 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2013-07-05] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [33376 2016-01-08] (DEVGURU Co., LTD.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-03 23:37 - 2016-08-03 23:37 - 00057862 _____ C:\Users\ronak_000\Desktop\FRST.txt
2016-08-03 23:36 - 2016-08-03 23:37 - 00000000 ____D C:\FRST
2016-08-03 23:34 - 2016-08-03 23:34 - 02393600 _____ (Farbar) C:\Users\ronak_000\Desktop\FRST64.exe
2016-08-02 10:45 - 2016-08-02 12:57 - 00000000 ____D C:\Users\ronak_000\Desktop\Paul Car
2016-08-02 10:44 - 2016-08-02 10:45 - 00000022 _____ C:\Users\ronak_000\Desktop\Attachments_201682.zip
2016-08-02 09:33 - 2016-08-02 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-02 09:33 - 2016-08-02 09:33 - 00000000 ____D C:\Program Files\iTunes
2016-08-02 09:33 - 2016-08-02 09:33 - 00000000 ____D C:\Program Files\iPod
2016-08-02 09:33 - 2016-08-02 09:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-01 22:33 - 2016-08-01 22:33 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-01 22:33 - 2016-08-01 22:33 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-01 22:32 - 2016-08-01 22:32 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-08-01 22:32 - 2016-08-01 22:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-07-31 02:34 - 2016-07-31 02:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-07-31 02:30 - 2016-07-31 02:30 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\sp6_log
2016-07-30 19:38 - 2016-07-30 19:38 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\IDT
2016-07-30 15:19 - 2016-07-30 15:19 - 00001875 _____ C:\Users\Crawford\Desktop\iTunes.lnk
2016-07-30 14:31 - 2016-07-30 15:22 - 00000000 ____D C:\Users\Crawford\AppData\Local\CrashDumps
2016-07-30 14:25 - 2016-07-30 14:25 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Macromedia
2016-07-30 14:25 - 2016-07-30 14:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\Macromedia
2016-07-30 14:18 - 2016-07-31 22:36 - 00000000 ___RD C:\Users\Crawford\iCloudDrive
2016-07-30 14:18 - 2016-07-30 14:18 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-07-30 14:18 - 2016-07-30 14:18 - 00000000 ____D C:\Users\Crawford\AppData\Local\Apple Inc
2016-07-30 14:17 - 2016-08-01 14:17 - 00003430 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-07-30 14:08 - 2016-07-30 14:08 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Logishrd
2016-07-30 14:05 - 2016-07-30 14:05 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Logishrd
2016-07-30 14:04 - 2016-07-30 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-07-30 13:32 - 2016-08-01 18:52 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A78B64C-881D-4206-B3FF-77592C1249CA}
2016-07-30 13:30 - 2016-08-01 06:36 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1956968038-1783308290-1564097226-1006
2016-07-30 13:28 - 2016-07-30 13:34 - 00000000 ____D C:\Users\Crawford\AppData\Local\Mozilla
2016-07-30 13:28 - 2016-07-30 13:28 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Mozilla
2016-07-30 13:26 - 2016-08-01 20:19 - 00000000 ____D C:\Users\Crawford\AppData\Local\ClassicShell
2016-07-30 13:26 - 2016-08-01 14:17 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Apple Computer
2016-07-30 13:26 - 2016-07-30 14:05 - 00000000 ____D C:\Users\Crawford\AppData\Local\Apple Computer
2016-07-30 13:26 - 2016-07-30 13:26 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\ClassicShell
2016-07-30 13:26 - 2016-07-30 13:26 - 00000000 ____D C:\Users\Crawford\AppData\Local\NVIDIA Corporation
2016-07-30 13:25 - 2016-07-30 14:05 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Logitech
2016-07-30 13:25 - 2016-07-30 13:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\NVIDIA
2016-07-30 13:25 - 2016-07-30 13:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\Dropbox
2016-07-30 13:25 - 2016-07-30 13:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\Adobe
2016-07-30 13:24 - 2016-07-31 03:24 - 00000000 ____D C:\Users\Crawford
2016-07-30 13:24 - 2016-07-30 14:25 - 00000000 ____D C:\Users\Crawford\AppData\Local\Packages
2016-07-30 13:24 - 2016-07-30 13:24 - 00001448 _____ C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-30 13:24 - 2016-07-30 13:24 - 00000020 ___SH C:\Users\Crawford\ntuser.ini
2016-07-30 13:24 - 2016-07-30 13:24 - 00000000 _SHDL C:\Users\Crawford\My Documents
2016-07-30 13:24 - 2016-07-30 13:24 - 00000000 ____D C:\Users\Crawford\AppData\Roaming\Adobe
2016-07-30 13:24 - 2016-07-30 13:24 - 00000000 ____D C:\Users\Crawford\AppData\Local\VirtualStore
2016-07-30 13:24 - 2016-07-30 13:24 - 00000000 ____D C:\Users\Crawford\AppData\Local\Google
2016-07-30 13:24 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-07-30 13:24 - 2014-11-21 04:52 - 00000369 _____ C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-07-30 13:08 - 2016-07-30 13:08 - 00000000 ____D C:\Program Files\Bonjour
2016-07-30 13:08 - 2016-07-30 13:08 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-30 13:07 - 2016-08-02 09:33 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-27 23:25 - 2016-07-27 23:25 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Downloaded Installations
2016-07-27 23:25 - 2016-07-27 23:25 - 00000000 ____D C:\Program Files (x86)\AMD
2016-07-27 23:25 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-07-27 23:25 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-07-27 23:25 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-07-27 23:25 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-07-26 13:27 - 2016-07-26 13:27 - 00000000 ____D C:\WINDOWS\EOONotify
2016-07-26 13:27 - 2016-06-18 16:06 - 00590688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-07-26 13:27 - 2016-06-18 16:06 - 00072408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2016-07-26 13:27 - 2016-06-11 15:52 - 00379232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-07-26 13:27 - 2016-06-11 15:52 - 00057184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-07-26 13:27 - 2016-06-11 15:51 - 00563024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-07-26 13:27 - 2016-06-11 15:51 - 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-07-26 13:27 - 2016-06-11 15:50 - 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-07-26 13:27 - 2016-06-11 14:34 - 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-07-26 13:27 - 2016-06-11 14:05 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpresult.exe
2016-07-26 13:27 - 2016-06-11 13:46 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-07-26 13:27 - 2016-06-11 13:14 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpresult.exe
2016-07-26 13:27 - 2016-06-11 13:00 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-07-26 13:27 - 2016-06-11 12:55 - 01443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-07-26 13:27 - 2016-06-11 12:50 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-07-26 13:27 - 2016-06-11 12:46 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2016-07-26 13:27 - 2016-06-11 12:44 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-07-26 13:27 - 2016-06-11 12:37 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-07-26 13:27 - 2016-06-11 12:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-07-26 13:27 - 2016-06-11 12:20 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-07-26 13:27 - 2016-06-11 12:16 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-07-26 13:27 - 2016-06-10 23:44 - 00107984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-07-26 13:27 - 2016-06-10 23:44 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-07-26 13:27 - 2016-06-10 16:07 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-07-26 13:27 - 2016-06-10 16:03 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-07-26 13:27 - 2016-06-10 15:04 - 03547136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-07-26 13:27 - 2016-06-10 14:11 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-07-26 13:27 - 2016-06-10 14:11 - 01487992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-07-26 13:27 - 2016-06-10 14:11 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-07-26 13:27 - 2016-06-10 14:11 - 00125024 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2016-07-26 13:27 - 2016-06-10 14:10 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2016-07-26 13:27 - 2016-06-10 14:07 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-07-26 13:27 - 2016-06-10 14:04 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-07-26 13:27 - 2016-06-09 15:32 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-07-26 13:27 - 2016-06-09 14:18 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-07-26 13:27 - 2016-06-07 14:10 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\hbaapi.dll
2016-07-26 13:27 - 2016-06-07 13:13 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hbaapi.dll
2016-07-26 13:27 - 2016-06-03 20:38 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-07-26 13:27 - 2016-06-03 20:37 - 01970968 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-07-25 11:41 - 2016-07-25 12:48 - 00000000 ____D C:\Users\ronak_000\Desktop\TheHopeLine
2016-07-25 05:54 - 2016-07-25 05:54 - 00141446 _____ C:\Users\ronak_000\Desktop\2016-FinancialSummary.pdf
2016-07-22 00:12 - 2016-07-22 00:12 - 00195853 _____ C:\Users\ronak_000\Desktop\EligibilityNotice.pdf
2016-07-19 23:48 - 2016-07-19 23:48 - 04870903 _____ C:\Users\ronak_000\Desktop\Feminine Manifesting a House.m4a
2016-07-19 22:41 - 2016-07-24 01:48 - 00000000 ____D C:\Users\ronak_000\Desktop\LOA
2016-07-16 21:28 - 2016-07-16 21:28 - 00347036 _____ C:\Users\ronak_000\Desktop\MeProfileWomen.pdf
2016-07-14 18:31 - 2016-06-11 14:14 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-14 18:31 - 2016-06-11 14:11 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-14 18:31 - 2016-06-11 13:56 - 25812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-14 18:31 - 2016-06-11 13:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-07-14 18:31 - 2016-06-11 13:42 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-14 18:31 - 2016-06-11 13:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-07-14 18:31 - 2016-06-11 13:22 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-07-14 18:31 - 2016-06-11 13:22 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-07-14 18:31 - 2016-06-11 13:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-07-14 18:31 - 2016-06-11 13:13 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-14 18:31 - 2016-06-11 13:12 - 20348928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-14 18:31 - 2016-06-11 13:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-07-14 18:31 - 2016-06-11 13:07 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-07-14 18:31 - 2016-06-11 13:03 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-07-14 18:31 - 2016-06-11 13:00 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-14 18:31 - 2016-06-11 12:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-07-14 18:31 - 2016-06-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-07-14 18:31 - 2016-06-11 12:43 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-07-14 18:31 - 2016-06-11 12:38 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-07-14 18:31 - 2016-06-11 12:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-07-14 18:31 - 2016-06-11 12:31 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-14 18:31 - 2016-06-11 12:31 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-14 18:31 - 2016-06-11 12:30 - 15409664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-14 18:31 - 2016-06-11 12:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-07-14 18:31 - 2016-06-11 12:26 - 02869248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-14 18:31 - 2016-06-11 12:15 - 13806080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-14 18:31 - 2016-06-11 12:12 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-14 18:31 - 2016-06-11 12:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-07-14 18:31 - 2016-06-11 11:59 - 02392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-07-14 18:31 - 2016-06-11 11:56 - 01315840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-07-14 18:31 - 2016-06-11 11:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-07-14 18:31 - 2016-05-25 09:22 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-07-14 18:31 - 2016-05-25 09:22 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-07-14 18:31 - 2016-05-25 09:12 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-07-14 18:31 - 2016-05-25 09:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-07-14 18:30 - 2016-06-25 14:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-14 18:30 - 2016-06-25 12:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-07-14 18:30 - 2016-06-25 12:15 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-07-14 18:30 - 2016-06-25 12:13 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-14 18:30 - 2016-06-25 12:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-07-14 18:30 - 2016-06-21 14:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-07-14 18:30 - 2016-06-21 10:12 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-07-14 18:30 - 2016-06-11 15:45 - 07445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-14 18:30 - 2016-06-11 13:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-07-14 18:30 - 2016-06-11 13:01 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-07-14 18:30 - 2016-06-11 13:00 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-07-14 18:30 - 2016-06-11 12:31 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-07-14 18:30 - 2016-06-10 17:35 - 04167680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-07-14 18:30 - 2016-01-30 15:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-07-14 18:30 - 2016-01-30 15:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-07-14 18:30 - 2016-01-30 14:48 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-07-14 18:30 - 2016-01-30 14:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-07-14 18:30 - 2016-01-30 13:48 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-07-14 18:30 - 2016-01-30 13:41 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-07-11 15:03 - 2016-07-11 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-07 23:00 - 2016-07-07 23:00 - 00000000 ____D C:\Users\ronak_000\AppData\Local\openvr
2016-07-06 18:28 - 2016-06-25 16:05 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-06 18:28 - 2016-06-22 09:48 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-07-06 18:28 - 2016-06-21 09:48 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-03 23:33 - 2015-06-02 10:00 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Spotify
2016-08-03 23:33 - 2015-05-27 14:55 - 00000000 ____D C:\Users\ronak_000\AppData\Local\ClassicShell
2016-08-03 23:28 - 2015-06-02 10:00 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Spotify
2016-08-03 22:58 - 2016-01-18 18:25 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-03 22:47 - 2015-05-27 15:01 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-03 22:28 - 2015-05-27 15:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-03 21:53 - 2015-05-27 11:42 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1956968038-1783308290-1564097226-1001
2016-08-03 21:46 - 2015-05-27 11:37 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B58D2DC0-5384-4315-9E71-00C3983E739A}
2016-08-03 21:44 - 2015-05-27 16:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-02 23:09 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-02 23:09 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-08-02 23:03 - 2016-01-18 18:25 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-02 23:03 - 2015-05-27 15:38 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\stickies
2016-08-02 23:03 - 2015-05-27 15:01 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-02 23:03 - 2015-05-27 14:51 - 00000000 ___DO C:\Users\ronak_000\OneDrive
2016-08-02 23:03 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-02 23:02 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-02 22:56 - 2016-04-22 12:19 - 00000000 ____D C:\Users\ronak_000\AppData\LocalLow\LastPass
2016-08-02 15:13 - 2015-05-27 14:37 - 00000000 ____D C:\Users\ronak_000
2016-08-02 15:13 - 2013-08-22 10:44 - 00538440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-02 10:45 - 2015-07-06 21:14 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Apple Computer
2016-08-02 09:37 - 2015-05-27 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-02 09:37 - 2015-05-27 15:30 - 00000000 ____D C:\Program Files\Microsoft Office
2016-08-02 09:37 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-02 07:48 - 2016-04-23 09:52 - 00003192 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForronak_000
2016-08-02 07:48 - 2016-04-23 09:52 - 00000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForronak_000.job
2016-08-01 22:32 - 2014-11-21 04:25 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-01 21:14 - 2016-06-16 22:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-01 20:32 - 2015-06-04 19:31 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-31 03:46 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-07-31 02:34 - 2015-07-06 20:39 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-07-31 02:34 - 2015-07-06 20:39 - 00000000 ____D C:\ProgramData\Logishrd
2016-07-31 02:34 - 2015-07-06 20:38 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2016-07-30 14:38 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-30 14:25 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-30 13:32 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-30 13:08 - 2016-01-11 01:24 - 00000000 ____D C:\ProgramData\Apple Computer
2016-07-30 13:08 - 2015-07-06 20:09 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Apple Computer
2016-07-30 13:08 - 2013-04-22 15:34 - 00000000 ____D C:\ProgramData\Apple
2016-07-28 20:42 - 2015-05-27 15:01 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 20:42 - 2015-05-27 15:01 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 23:26 - 2015-07-03 00:21 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\NVIDIA
2016-07-27 21:30 - 2016-01-05 21:27 - 00000945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-07-27 21:23 - 2016-01-18 18:21 - 00000000 ____D C:\Users\ronak_000\AppData\Local\CrashDumps
2016-07-27 15:25 - 2015-05-27 13:33 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-27 02:34 - 2015-05-27 15:01 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-26 13:28 - 2015-12-23 16:10 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-07-26 13:28 - 2015-12-23 16:10 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-07-25 12:51 - 2015-05-27 19:29 - 03344384 ___SH C:\Users\ronak_000\Desktop\Thumbs.db
2016-07-24 01:26 - 2015-07-03 00:01 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\TeamViewer
2016-07-22 09:39 - 2015-09-26 03:35 - 00000000 ____D C:\ProgramData\Oracle
2016-07-22 08:19 - 2015-09-26 03:35 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-07-22 08:19 - 2015-09-26 03:35 - 00000000 ____D C:\Users\ronak_000\.oracle_jre_usage
2016-07-22 08:19 - 2015-09-26 03:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-22 08:19 - 2015-09-26 03:35 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-21 07:19 - 2016-05-01 01:31 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-21 07:16 - 2016-01-20 08:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-21 07:16 - 2015-12-21 11:24 - 00000000 ____D C:\Users\ronak_000\AppData\Local\ElevatedDiagnostics
2016-07-21 07:16 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-07-21 01:07 - 2015-05-31 11:11 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Skype
2016-07-18 02:14 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-07-18 02:12 - 2015-05-27 11:37 - 00000000 ____D C:\Users\ronak_000\AppData\Local\Adobe
2016-07-18 02:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-18 02:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-16 01:51 - 2015-05-27 16:26 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 18:35 - 2015-05-27 12:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-14 18:32 - 2015-05-27 12:40 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-11 15:03 - 2015-08-11 10:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-09 02:31 - 2016-06-06 00:47 - 00000000 ____D C:\Users\ronak_000\Desktop\lol
2016-07-08 22:36 - 2015-06-14 20:02 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-07 22:58 - 2016-06-16 23:10 - 00000000 ____D C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
==================== Files in the root of some directories =======
2016-04-22 12:11 - 2016-04-22 12:11 - 0000422 _____ () C:\Users\ronak_000\AppData\Local\LMIR0002.tmp.bat
2016-04-22 12:11 - 2016-04-22 12:11 - 0000347 _____ () C:\Users\ronak_000\AppData\Local\LMIR0002.tmp_r.bat
2016-04-23 08:05 - 2016-04-23 08:05 - 0000422 _____ () C:\Users\ronak_000\AppData\Local\LMIR0003.tmp.bat
2016-04-23 08:05 - 2016-04-23 08:05 - 0000347 _____ () C:\Users\ronak_000\AppData\Local\LMIR0003.tmp_r.bat
2016-04-23 08:47 - 2016-04-23 08:47 - 0000369 _____ () C:\Users\ronak_000\AppData\Local\LMIR0004.tmp_r.bat
2016-04-23 10:05 - 2016-04-23 10:05 - 0000369 _____ () C:\Users\ronak_000\AppData\Local\LMIR0005.tmp_r.bat
2015-07-28 14:08 - 2015-01-29 11:14 - 0010240 _____ () C:\Users\ronak_000\AppData\Local\Z@!-03e55542-6305-4337-9fe5-3166f1ad8595.tmp
2015-07-28 14:08 - 2015-01-29 11:14 - 0010240 _____ () C:\Users\ronak_000\AppData\Local\Z@!-dd35e75b-c5be-4ecd-b487-94e7241311e8.tmp
2015-07-28 14:08 - 2015-01-29 11:14 - 0009216 _____ () C:\Users\ronak_000\AppData\Local\Z@S!-fc3979ac-1e8c-4812-97d5-011a72fee527.tmp
2015-12-15 11:08 - 2015-12-15 11:08 - 0000118 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-31 03:37
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by ronak_000 (2016-08-03 23:37:40)
Running from C:\Users\ronak_000\Desktop
Windows 8.1 Pro (Update) (X64) (2015-05-27 18:49:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1956968038-1783308290-1564097226-500 - Administrator - Disabled)
Crawford (S-1-5-21-1956968038-1783308290-1564097226-1006 - Limited - Enabled) => C:\Users\Crawford
Guest (S-1-5-21-1956968038-1783308290-1564097226-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1956968038-1783308290-1564097226-1005 - Limited - Enabled)
ronak_000 (S-1-5-21-1956968038-1783308290-1564097226-1001 - Administrator - Enabled) => C:\Users\ronak_000
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Batman: Arkham City GOTY (HKLM\...\Steam App 200260) (Version: - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Carbonite (HKLM-x32\...\{D7D8E032-6C0D-4D12-9F60-5D6F4D4FF20A}) (Version: 5.8.8 build 6212 (Apr-14-2016) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4919 - CyberLink Corp.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Diner Dash - Flo on the Go (HKLM-x32\...\a45b578ce10b48e7ae3cdb09ae69175d) (Version: - GameHouse)
DIRECTV Player (HKLM-x32\...\{4a5ad61d-1fe9-48b9-87a8-9235f71120f3}) (Version: 12.1 - DIRECTV)
Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
EPSON WF-3530 Series Printer Uninstall (HKLM\...\EPSON WF-3530 Series) (Version: - SEIKO EPSON Corporation)
Everything 1.3.4.686 (x86) (HKLM-x32\...\Everything) (Version: - )
Firestorm SecondLife and OpenSim viewer (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{63667a72-ee55-4dac-b231-18e6773104d8}) (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.26.37 - HP)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Jane's Hotel - Family Hero (HKLM-x32\...\bd19093338e4bdb122f0db6c2b4011bd) (Version: - GameHouse)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nanny Mania (HKLM-x32\...\d7c42bdcccacb1cc86bdbedba2c75cf3) (Version: - GameHouse)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Posh Boutique (HKLM-x32\...\f720c0015c3e42a51b9dae57a15bfc97) (Version: - GameHouse)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.3.0.92 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version: - The SKSE Team)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.) Hidden
Spotify (HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteamVR (HKLM\...\Steam App 250820) (Version: - )
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {110805F5-E9A2-4B05-A5ED-A29A9DA47A38} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-07-08] (Apple Inc.)
Task: {275D1A1C-DEC8-457B-A753-B121C9002BC7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-08] (HP Inc.)
Task: {2BCB4427-7EE2-4CD7-A7A2-97E501D6425D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {324BB04A-FE1D-4C51-B575-D3E39587AA7A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {3D3D9FB6-51A4-4CB3-817D-EE1EFF9E195C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {3DBE7285-4D0E-4484-9BD3-DD6AC3F58AB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {3F3DBA93-638F-4D4B-8B38-04114D50582F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-18] (Dropbox, Inc.)
Task: {56D8B172-49B7-4C66-ABA1-0BB9E2AB7BEC} - System32\Tasks\HPCeeScheduleForronak_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {70C060D6-AEFD-457D-BF02-B31895CFAF91} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {7EC902CE-97D8-42E3-A0A2-AE0640E266B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-07-06] (HP Inc.)
Task: {7FFBE3DE-E73B-466F-829A-430F40B447B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8B9501B7-AC88-4ADA-A356-179609B821A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {B28D2963-980A-4531-9098-3687BF60E972} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27] (Google Inc.)
Task: {B81A9ACB-0D3A-40F0-A5D0-BF88890471EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-14] (Microsoft Corporation)
Task: {C1E997CE-B0EE-4C52-A3C5-84683AE45689} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {CFDD70CD-C578-4927-AF84-1A54280E52E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-06-28] (HP Inc.)
Task: {D6A9A48B-ADBB-4AF3-B00F-D0AD30AB9F49} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
Task: {DE4365B9-DA18-408C-8F94-7BA1BEE61455} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {DF1AE570-9E05-4F63-BADB-DC509FD2426B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {F8E47B62-BC5F-445B-AAFA-7E61460F3369} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {FFA34EEB-D351-4A24-885F-6EAD64765B8A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-18] (Dropbox, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForronak_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 01384168 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-03 17:25 - 2016-03-29 21:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-27 02:34 - 2016-07-18 22:26 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libglesv2.dll
2016-07-27 02:34 - 2016-07-18 22:25 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libegl.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 11423968 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\PCShowServer.dll
2016-02-14 09:15 - 2016-02-14 09:15 - 00340192 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\ndsLogStore.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 03301088 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\DrmSingleton.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 02100968 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 08346848 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\gsttspplugin.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 00689904 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2016-02-14 09:15 - 2016-02-14 09:15 - 01404128 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\libxml2-2.dll
2016-02-14 09:15 - 2016-02-14 09:15 - 00092880 _____ () C:\Users\ronak_000\AppData\Local\DIRECTV Player\z.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2016-04-22 10:46 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronak_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CarboniteService => 2
MSCONFIG\Services: CLKMSVC10_99E320F5 => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: ogmservice => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1956968038-1783308290-1564097226-1001\...\StartupApproved\Run: => "Amazon Music"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8157AAAA-97E1-464C-8095-B53D88FED2B4}] => (Allow) C:\Users\ronak_000\AppData\Local\Temp\7zS7181.tmp\SymNRT.exe
FirewallRules: [{93C36DC8-1835-48EB-828C-DF3CC009298A}] => (Allow) C:\Users\ronak_000\AppData\Local\Temp\7zS7181.tmp\SymNRT.exe
FirewallRules: [{5F71C5F5-590B-4F69-BCA9-781451FF1207}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{293A3CA3-18C7-4240-A3F4-39B216963234}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{99FA3A36-5042-477E-A078-F6848B238FDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1FEFFD5-CA98-4575-9F1E-29BCDBFF6474}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{757DB812-959E-46B8-A7BD-92B816FC0E0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C42B3F3-C27A-48E6-ABDF-C7CF82AB8220}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0EF210F-6F48-47B1-8F69-28EE6A004A06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1D5AD19B-88F2-4498-B5FC-F243A4138C51}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{6BE89EE2-F548-468A-A22D-F977611C683C}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{3A3AFD21-74DA-4131-9A42-0F11E74BDA90}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [{594C2FB3-F001-4417-BBBC-4D3E7CC23159}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B47C1FBE-AE6E-4436-BA66-08504CABCB8A}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EB4D2FE7-3302-41F8-B8DD-442B6B26F294}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{836333C5-9BA3-4BB5-885C-2A78057BE08A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1F0F053F-3339-41E1-AA75-6D5ED3AAF3C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{95EE3C5D-A021-48D5-8C8C-7C83E994C065}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7D06952C-0CF5-422C-A30A-0316F237C567}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A8A3B5E7-7876-4730-A2D0-74C7547DB2D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E7F9CEA8-9300-4427-A3EA-05F282A4749A}C:\program files\firestorm-releasex64\slplugin.exe] => (Allow) C:\program files\firestorm-releasex64\slplugin.exe
FirewallRules: [UDP Query User{200EF843-4A5A-4B02-B950-5D44F95393BE}C:\program files\firestorm-releasex64\slplugin.exe] => (Allow) C:\program files\firestorm-releasex64\slplugin.exe
FirewallRules: [{D4A07A6D-F6B3-4E19-9B66-800476EA3C7E}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{86905469-4A07-4BEF-93ED-4466A7D4AC20}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{B33391AA-12E0-421E-8FFC-85235FEFAEA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4D4CEF3A-C33B-4C8E-9028-BABC3F7FB97D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{15F31C94-1399-4275-8858-141B158BF12A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DFE73CDB-D284-4F88-A83B-1272ED134563}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{1E71C61B-BE53-4D3D-A880-6A2948CB1C0E}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [UDP Query User{46A3A166-7EB5-489F-80B4-3DB182C76F0C}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe
FirewallRules: [TCP Query User{BD81A2B8-DEFF-4920-B398-3DF08AE5A0F1}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EC86DA32-5403-4D02-981B-21132C5926D3}C:\users\ronak_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronak_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3105D0EA-441F-4FA5-B159-3B2A45277C3E}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [UDP Query User{B4D09259-BF51-47F0-870E-DBEF8B9BB410}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [{1F5A9E5B-8057-47E6-B607-DAB1090DB57B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B6057D98-A5E0-4F1B-982E-7E6BED75F81C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{EDFB85D2-02BE-40BA-807F-40E122907ECD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{31598185-8E3B-4C9B-AE2B-6C8249428E5E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{DE1F7086-66C7-415A-94CB-DDAF7E9048D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F189E0D2-7FF8-43FA-A3CA-44B461CD6ACA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [TCP Query User{6B3B5780-56D1-4F4A-8062-F938D26915A2}C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{2CE52D76-F89D-4546-8DE8-2C82C41FA74C}C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{919E712E-2996-447E-8BCA-97310265A5BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A95CEC03-EB8A-485B-8C2F-BBB79799A89E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{CC0BADD4-B170-47ED-B4D5-AEAAF3EF5AF3}C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{D8891863-155D-4A0B-87E4-3F791C5DF03D}C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\ronak_000\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{E1DAFB1B-B829-4B64-AFF2-70F072622B65}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{76FCA432-2AFA-48DE-B0F5-D96E7833449A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3AA7009-7478-45E0-87B7-DA1919ED095A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB3DACCF-7368-41BE-B499-C61E35E0F696}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99AD02F4-F19C-437F-98C4-8E76CACD6E2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{D1DEC1E3-928C-4B42-8D40-F3E0FB9B5304}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{762FCCB7-87DE-49E2-8D48-B22FDF30AB33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{407AE669-729B-415B-A2C3-81B39120848A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{F07A042B-1E6B-4E74-8E1D-9A6EEA755148}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{D9424538-5944-43B6-989D-AD61847ABA0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\bin\win32\vrmonitor.exe
FirewallRules: [{A0A46BE4-7037-4EC7-9890-6648B1832518}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{41C527B6-5FC2-4EF0-86AE-E543F8E6111A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4278F433-70B0-4510-8F4E-2352E78E3776}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E052ACA2-84FD-4EFF-923E-9A2A7208DE27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C07AAB49-D02E-4D76-9448-D76842B1A712}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{52CC54F2-5849-4D88-96C9-34E2EA9F95B1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4FE5A6D2-ABCE-44DA-B8B7-B71F389D8C83}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{37B807AF-697E-4CC3-B8D7-CA4D51FDCF6D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{952E877C-6695-45B4-80FD-23FBC308D133}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E16FA1E9-DEDC-4E26-B91D-3B039E04BA80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C3CD714-B147-4C94-965C-45033FE13AB0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CEB595B6-2A43-43B3-B4A7-392EF4240224}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
14-07-2016 18:31:05 Windows Update
22-07-2016 03:32:23 Scheduled Checkpoint
24-07-2016 01:32:16 Installed DirectX
27-07-2016 23:25:06 Installed DirectX
30-07-2016 13:08:05 Installed iTunes
30-07-2016 14:04:15 Installed iCloud
01-08-2016 21:03:54 Configured Microsoft Office Professional Plus 2013
01-08-2016 21:04:00 PROPLUSR
01-08-2016 22:32:13 Configured Microsoft Office Professional Plus 2013
01-08-2016 22:32:20 PROPLUSR
02-08-2016 09:37:06 Configured Microsoft Office Professional Plus 2013
02-08-2016 09:37:13 PROPLUSR
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/03/2016 09:53:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{d23c0be9-358c-4b41-a459-bec8f9c1d102}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (08/03/2016 09:53:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{17b23e46-c53e-4075-884d-0046068444ed}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (08/03/2016 09:53:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{75b4be64-2eef-4e12-b252-e149285cedcd}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (08/03/2016 09:53:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (08/03/2016 04:50:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250
Error: (08/03/2016 04:50:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250
Error: (08/03/2016 04:50:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/03/2016 04:48:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{d23c0be9-358c-4b41-a459-bec8f9c1d102}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (08/03/2016 04:48:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{17b23e46-c53e-4075-884d-0046068444ed}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
Error: (08/03/2016 04:48:07 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{75b4be64-2eef-4e12-b252-e149285cedcd}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)
System errors:
=============
Error: (08/02/2016 03:33:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:32:14 PM on 8/2/2016 was unexpected.
Error: (08/02/2016 03:13:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:12:18 PM on 8/2/2016 was unexpected.
Error: (08/01/2016 08:59:48 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
Error: (08/01/2016 08:59:45 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/01/2016 08:59:39 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
Error: (08/01/2016 08:59:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.
Error: (08/01/2016 08:59:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.
Error: (08/01/2016 08:57:04 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/01/2016 08:55:21 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (08/01/2016 08:55:21 PM) (Source: DCOM) (EventID: 10005) (User: HERPANDORA)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
CodeIntegrity:
===================================
Date: 2016-08-03 23:35:28.947
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-03 23:35:28.767
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-03 23:35:28.486
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-03 23:35:28.314
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-03 23:35:28.017
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-03 23:35:27.845
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-03 23:35:27.658
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-03 23:35:27.486
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-03 23:35:27.314
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-08-03 23:35:27.142
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 30%
Total physical RAM: 10178.13 MB
Available physical RAM: 7044.53 MB
Total Virtual: 11394.13 MB
Available Virtual: 7333.12 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:217.21 GB) (Free:12.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.57 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DATA STORAGE) (Fixed) (Total:931.26 GB) (Free:827.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2201E60A)
Partition: GPT.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B97F44D5)
Partition: GPT.
==================== End of Addition.txt ============================