Jump to content

Infected Computer - unable to run anything


Recommended Posts

Hi, I'm quite positive my machine is infected.  My antivirus nor Malwarebytes Premium is unable to detect/quarantine whatever it is that is affecting my computer.  My Malwarebytes scans are never complete, and neither are my McAfee scans, they seem to freeze up when it scans for rootkits.  Hoping you guys can help!  This is my last resort. Thanks!

 

I ran the Farbar recovery tool - here are both of the scan results (FRST & Addition):  
 

As a note, i received the following message when I ran Farbar:

"Exception EAccessViolation in module ERUNT.exe at 00003A38. Access violation at address: 00403a38 in module 'ERUNT.exe' Read of address 0076005D"

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by davinderbajwa (administrator) on BLUE on 06-08-2014 14:42:22
Running from C:\Users\davinderbajwa\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-01-21] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4484608 2014-01-22] (Research In Motion Limited)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1119029478-2692871295-200835359-1001\...\Run: [Google Update] => C:\Users\davinderbajwa\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-05] (Google Inc.)
HKU\S-1-5-21-1119029478-2692871295-200835359-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM - DefaultScope {E9509593-7D4E-493B-B310-77B48F92BD5E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {E9509593-7D4E-493B-B310-77B48F92BD5E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {E9509593-7D4E-493B-B310-77B48F92BD5E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {E9509593-7D4E-493B-B310-77B48F92BD5E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.9.127.107 68.116.46.115 69.144.127.53
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\davinderbajwa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\davinderbajwa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-19]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (Google Docs) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google Cast) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-05]
CHR Extension: (Adblock Plus) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-22]
CHR Extension: (Google Search) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\davinderbajwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-01-22] (Apple Inc.) [File not signed]
S2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1309696 2014-01-22] (Research In Motion Limited) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-01-22] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
U3 fxldqpow; \??\C:\Users\DAVIND~1\AppData\Local\Temp\fxldqpow.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-06 14:42 - 2014-08-06 14:42 - 00024026 _____ () C:\Users\davinderbajwa\Downloads\FRST.txt
2014-08-06 14:41 - 2014-08-06 14:42 - 00000000 ____D () C:\FRST
2014-08-06 14:41 - 2014-08-06 14:41 - 02094080 _____ (Farbar) C:\Users\davinderbajwa\Downloads\FRST64.exe
2014-08-06 14:20 - 2014-08-06 14:20 - 00380416 _____ () C:\Users\davinderbajwa\Downloads\8mmow90i.exe
2014-08-06 14:17 - 2014-08-06 14:18 - 29611712 _____ (Microsoft Corporation) C:\Users\davinderbajwa\Downloads\Windows-KB890830-x64-V5.14.exe
2014-08-06 14:06 - 2014-08-06 14:06 - 00065232 _____ (Malwarebytes) C:\Users\davinderbajwa\Downloads\regassassin-setup-1.03.exe
2014-08-06 13:54 - 2014-08-06 14:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-06 13:53 - 2014-08-06 14:04 - 00000000 ____D () C:\Users\davinderbajwa\Desktop\mbar
2014-08-06 13:53 - 2014-08-06 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-06 13:51 - 2014-08-06 13:51 - 14349744 _____ (Malwarebytes Corp.) C:\Users\davinderbajwa\Downloads\mbar-1.07.0.1012.exe
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Leadertech
2014-08-06 03:15 - 2014-08-06 03:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-08-06 03:15 - 2014-08-06 03:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-08-06 03:11 - 2014-08-06 03:32 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1119029478-2692871295-200835359-500
2014-08-06 03:07 - 2014-08-06 03:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-08-06 03:06 - 2014-08-06 03:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Research In Motion
2014-08-06 03:06 - 2014-08-06 03:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Power2Go8
2014-08-06 03:04 - 2014-08-06 03:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-08-06 03:04 - 2014-08-06 03:04 - 00001444 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 03:04 - 2014-08-06 03:04 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-08-06 03:04 - 2014-08-06 03:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-08-06 03:04 - 2014-08-06 03:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-08-06 03:04 - 2014-08-06 03:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-06 03:04 - 2014-08-06 03:04 - 00000000 ____D () C:\Users\Administrator
2014-08-06 03:04 - 2014-07-25 13:17 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-06 03:04 - 2014-05-18 01:35 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-08-06 03:04 - 2014-02-21 21:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-08-06 03:04 - 2014-02-21 21:37 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-08-06 03:04 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-06 03:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-06 03:00 - 2014-08-06 03:00 - 00000000 __SHD () C:\Users\davinderbajwa\AppData\Local\EmieUserList
2014-08-06 03:00 - 2014-08-06 03:00 - 00000000 __SHD () C:\Users\davinderbajwa\AppData\Local\EmieSiteList
2014-08-05 22:26 - 2014-08-05 22:26 - 00000017 _____ () C:\Users\davinderbajwa\AppData\Local\resmon.resmoncfg
2014-08-05 11:08 - 2014-08-05 11:08 - 00014096 _____ () C:\Users\davinderbajwa\Downloads\Extensions 2013.xlsx.xlsx
2014-07-31 16:26 - 2014-07-31 16:29 - 00000000 ___RD () C:\Users\davinderbajwa\Google Drive
2014-07-31 16:26 - 2014-07-31 16:26 - 00001737 _____ () C:\Users\davinderbajwa\Desktop\Google Drive.lnk
2014-07-31 16:23 - 2014-07-31 16:23 - 00895120 _____ (Google Inc.) C:\Users\davinderbajwa\Downloads\googledrivesync.exe
2014-07-28 01:24 - 2014-07-16 03:00 - 00024020 _____ () C:\Users\davinderbajwa\Documents\My%20Bill%20of%20Sale.doc_0.odt
2014-07-28 01:24 - 2014-07-16 00:38 - 00026019 _____ () C:\Users\davinderbajwa\Documents\My%20Sale%20of%20Business%20Assets%20Worksheet.doc_0.odt
2014-07-28 01:24 - 2014-07-16 00:38 - 00022457 _____ () C:\Users\davinderbajwa\Documents\My%20Secured%20Promissory%20Note.doc_0.odt
2014-07-22 23:09 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-18 15:32 - 2014-07-18 15:32 - 10844070 _____ () C:\Users\davinderbajwa\Desktop\2012_DeshpalBajwa_PersonalTaxes 001.zip
2014-07-12 03:48 - 2014-07-12 03:52 - 00000000 ____D () C:\Users\davinderbajwa\Desktop\Papers - Articles
2014-07-12 03:47 - 2014-07-12 03:52 - 00000000 ____D () C:\Users\davinderbajwa\Desktop\Deeds Resume
2014-07-08 12:13 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-08 12:13 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-08 12:13 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-08 12:13 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-08 12:13 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-08 12:13 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-08 12:13 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-08 12:13 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-08 12:13 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-08 12:13 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-08 12:12 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-08 12:12 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-08 12:12 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-08 12:12 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-08 12:12 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-08 12:12 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-08 12:12 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-08 12:12 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-08 12:12 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-08 12:12 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-08 12:12 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-08 12:12 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-08 12:12 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-08 12:12 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-08 12:12 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-08 12:12 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-08 12:12 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-08 12:12 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-08 12:12 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-08 12:12 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-08 12:12 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-08 12:12 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-08 12:12 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-08 12:12 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-08 12:12 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-08 12:12 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-08 12:12 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-08 12:12 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-08 12:12 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-08 12:12 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-08 12:12 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-08 12:12 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-08 12:12 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-08 12:12 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 12:12 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-08 12:12 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-08 12:12 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 12:12 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-08 12:12 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-08 12:12 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-08 12:12 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-08 12:12 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-08 12:12 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-08 12:12 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-08 12:09 - 2014-07-08 12:09 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-06 14:42 - 2014-08-06 14:42 - 00024026 _____ () C:\Users\davinderbajwa\Downloads\FRST.txt
2014-08-06 14:42 - 2014-08-06 14:41 - 00000000 ____D () C:\FRST
2014-08-06 14:41 - 2014-08-06 14:41 - 02094080 _____ (Farbar) C:\Users\davinderbajwa\Downloads\FRST64.exe
2014-08-06 14:20 - 2014-08-06 14:20 - 00380416 _____ () C:\Users\davinderbajwa\Downloads\8mmow90i.exe
2014-08-06 14:18 - 2014-08-06 14:17 - 29611712 _____ (Microsoft Corporation) C:\Users\davinderbajwa\Downloads\Windows-KB890830-x64-V5.14.exe
2014-08-06 14:06 - 2014-08-06 14:06 - 00065232 _____ (Malwarebytes) C:\Users\davinderbajwa\Downloads\regassassin-setup-1.03.exe
2014-08-06 14:04 - 2014-08-06 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-06 14:04 - 2014-08-06 13:53 - 00000000 ____D () C:\Users\davinderbajwa\Desktop\mbar
2014-08-06 14:03 - 2014-02-18 16:41 - 01112252 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-06 14:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-06 13:54 - 2014-06-05 17:42 - 00000950 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1119029478-2692871295-200835359-1001UA.job
2014-08-06 13:54 - 2013-03-15 22:48 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-08-06 13:53 - 2014-08-06 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-06 13:53 - 2014-06-25 15:11 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-06 13:53 - 2014-04-19 13:51 - 00001862 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-08-06 13:53 - 2014-01-19 20:26 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1119029478-2692871295-200835359-1001
2014-08-06 13:51 - 2014-08-06 13:51 - 14349744 _____ (Malwarebytes Corp.) C:\Users\davinderbajwa\Downloads\mbar-1.07.0.1012.exe
2014-08-06 13:51 - 2014-02-04 21:21 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-06 13:48 - 2014-06-25 15:11 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 13:48 - 2014-02-04 22:11 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-06 13:48 - 2014-02-04 21:21 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 13:47 - 2014-02-18 16:27 - 00000000 ____D () C:\Users\davinderbajwa
2014-08-06 13:45 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-06 13:11 - 2014-04-19 13:49 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-06 13:11 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-06 13:10 - 2013-11-14 00:20 - 01131276 _____ () C:\WINDOWS\PFRO.log
2014-08-06 13:10 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Leadertech
2014-08-06 03:32 - 2014-08-06 03:11 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1119029478-2692871295-200835359-500
2014-08-06 03:15 - 2014-08-06 03:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-08-06 03:15 - 2014-08-06 03:15 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-08-06 03:11 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-06 03:07 - 2014-08-06 03:07 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-08-06 03:06 - 2014-08-06 03:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Research In Motion
2014-08-06 03:06 - 2014-08-06 03:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Power2Go8
2014-08-06 03:06 - 2014-08-06 03:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-08-06 03:04 - 2014-08-06 03:04 - 00001444 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 03:04 - 2014-08-06 03:04 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-08-06 03:04 - 2014-08-06 03:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-08-06 03:04 - 2014-08-06 03:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-08-06 03:04 - 2014-08-06 03:04 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-06 03:04 - 2014-08-06 03:04 - 00000000 ____D () C:\Users\Administrator
2014-08-06 03:00 - 2014-08-06 03:00 - 00000000 __SHD () C:\Users\davinderbajwa\AppData\Local\EmieUserList
2014-08-06 03:00 - 2014-08-06 03:00 - 00000000 __SHD () C:\Users\davinderbajwa\AppData\Local\EmieSiteList
2014-08-05 22:37 - 2014-02-04 21:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-05 22:26 - 2014-08-05 22:26 - 00000017 _____ () C:\Users\davinderbajwa\AppData\Local\resmon.resmoncfg
2014-08-05 11:54 - 2014-06-05 17:42 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1119029478-2692871295-200835359-1001Core.job
2014-08-05 11:08 - 2014-08-05 11:08 - 00014096 _____ () C:\Users\davinderbajwa\Downloads\Extensions 2013.xlsx.xlsx
2014-08-02 01:52 - 2013-11-14 00:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-02 01:35 - 2013-08-22 07:46 - 00299245 _____ () C:\WINDOWS\setupact.log
2014-07-31 16:29 - 2014-07-31 16:26 - 00000000 ___RD () C:\Users\davinderbajwa\Google Drive
2014-07-31 16:26 - 2014-07-31 16:26 - 00001737 _____ () C:\Users\davinderbajwa\Desktop\Google Drive.lnk
2014-07-31 16:25 - 2014-02-04 21:21 - 00000000 ____D () C:\Users\davinderbajwa\AppData\Local\Google
2014-07-31 16:23 - 2014-07-31 16:23 - 00895120 _____ (Google Inc.) C:\Users\davinderbajwa\Downloads\googledrivesync.exe
2014-07-29 17:51 - 2014-02-17 16:33 - 00111104 ___SH () C:\Users\davinderbajwa\Desktop\Thumbs.db
2014-07-29 12:04 - 2014-06-16 12:58 - 00000000 ____D () C:\Users\davinderbajwa\Desktop\Office Docs
2014-07-28 04:42 - 2014-03-02 03:40 - 00916992 ___SH () C:\Users\davinderbajwa\Downloads\Thumbs.db
2014-07-27 17:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-26 18:39 - 2013-03-15 22:44 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-07-26 18:38 - 2012-07-26 01:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-07-26 01:09 - 2014-01-19 20:28 - 00000000 ____D () C:\Users\davinderbajwa\AppData\Local\softthinks
2014-07-25 22:52 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-25 13:20 - 2014-03-08 21:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 13:20 - 2014-03-08 21:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 13:20 - 2013-08-22 07:44 - 00510656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-25 13:17 - 2014-08-06 03:04 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-25 13:17 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-25 13:17 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-25 13:17 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-25 13:17 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-24 12:13 - 2014-03-08 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 23:13 - 2014-02-17 15:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-22 23:10 - 2014-02-17 15:41 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-22 23:10 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-18 15:32 - 2014-07-18 15:32 - 10844070 _____ () C:\Users\davinderbajwa\Desktop\2012_DeshpalBajwa_PersonalTaxes 001.zip
2014-07-17 00:01 - 2014-02-04 19:31 - 00000000 ____D () C:\Users\davinderbajwa\AppData\Roaming\PCDr
2014-07-16 03:00 - 2014-07-28 01:24 - 00024020 _____ () C:\Users\davinderbajwa\Documents\My%20Bill%20of%20Sale.doc_0.odt
2014-07-16 00:38 - 2014-07-28 01:24 - 00026019 _____ () C:\Users\davinderbajwa\Documents\My%20Sale%20of%20Business%20Assets%20Worksheet.doc_0.odt
2014-07-16 00:38 - 2014-07-28 01:24 - 00022457 _____ () C:\Users\davinderbajwa\Documents\My%20Secured%20Promissory%20Note.doc_0.odt
2014-07-15 16:05 - 2013-11-14 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 03:52 - 2014-07-12 03:48 - 00000000 ____D () C:\Users\davinderbajwa\Desktop\Papers - Articles
2014-07-12 03:52 - 2014-07-12 03:47 - 00000000 ____D () C:\Users\davinderbajwa\Desktop\Deeds Resume
2014-07-12 03:52 - 2014-03-22 03:14 - 00000000 ____D () C:\Users\davinderbajwa\Documents\Zakir hussain tickets_files
2014-07-12 03:51 - 2014-05-12 20:43 - 00000000 ____D () C:\Users\davinderbajwa\Downloads\Old Docs
2014-07-12 03:51 - 2014-04-23 16:41 - 00000000 ____D () C:\Users\davinderbajwa\Desktop\Home Docs
2014-07-11 09:38 - 2014-03-31 11:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-08 16:21 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-07-08 12:09 - 2014-07-08 12:09 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-29 08:14
 
==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by davinderbajwa at 2014-08-06 14:43:11
Running from C:\Users\davinderbajwa\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.3.23 - BlackBerry Ltd.)
BlackBerry Link (x32 Version: 1.2.3.23 - BlackBerry Ltd.) Hidden
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{F13921D6-AE6D-41BF-807A-17BD99C0A4FD}) (Version: 15.5.5.0480 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13291.0 - Linksys LLC)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1119029478-2692871295-200835359-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\davinderbajwa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1119029478-2692871295-200835359-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\davinderbajwa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1119029478-2692871295-200835359-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\davinderbajwa\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1119029478-2692871295-200835359-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\davinderbajwa\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
15-07-2014 14:43:19 Scheduled Checkpoint
23-07-2014 06:07:29 Windows Update
02-08-2014 13:53:31 Scheduled Checkpoint
06-08-2014 05:35:45 Removed Google Drive
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {034DAA91-E37E-4C32-93F5-D5B53A6FD06B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05F3C4A0-D3CA-461B-BBBF-F66C43D209A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1119029478-2692871295-200835359-1001Core => C:\Users\davinderbajwa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1145EEAC-2722-4400-9D0D-FCB8B95E6EE1} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {15AE81D9-2BF2-4922-93EB-7FC17D52DB97} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {27E6516F-26D1-4AE0-8595-8D87FF47D276} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3FEFE20E-84DF-43A1-A64F-5CFF2B15CE13} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1119029478-2692871295-200835359-1001UA => C:\Users\davinderbajwa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5209F481-93C4-49B4-B503-3211A0A67904} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {68150276-0520-4C28-902D-28D990FA9D63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7545AE0C-6365-46B2-BF23-FE8DA11D33ED} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A623EEE-C893-428C-A1DF-D16332627621} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9CAD222E-AF4F-49D2-A57B-DA61827C6711} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ABD4A44F-E128-4796-A624-0CB3824672AB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {AD0028A1-921D-4B77-9029-F4DE94FE6B59} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {BB3A9B9E-5EA0-41E6-B7AF-315FC691C4BA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BC377881-C309-42CC-9527-2982A27F6D66} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C28CB2A6-659B-42B2-B355-F2F2F896B11D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1119029478-2692871295-200835359-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {CDA6B435-DABB-4BEE-B829-9A1AE6EB1EF8} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F272DE66-CEA3-4EA1-A4F1-2E63172509D8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1119029478-2692871295-200835359-1001Core.job => C:\Users\davinderbajwa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1119029478-2692871295-200835359-1001UA.job => C:\Users\davinderbajwa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-07 18:33 - 2012-09-18 16:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2014-02-07 18:33 - 2012-09-18 16:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-03-31 11:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-03-15 22:42 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-07-11 09:33 - 2014-05-20 09:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-26 00:09 - 2014-04-26 00:09 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\7a891719ed7b38bb959d812adc580f5c\PSIClient.ni.dll
2013-03-15 22:40 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-03-15 22:31 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-03-15 22:48 - 2012-09-12 21:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-03-15 22:48 - 2012-08-06 10:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-03-15 22:48 - 2012-08-06 10:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-07-18 15:54 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 15:54 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 15:54 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 15:54 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 15:54 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: BlackBerry Virtual Private Network
Description: BlackBerry Virtual Private Network
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Research In Motion
Service: rimvndis
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/06/2014 01:52:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x1290
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5
 
Error: (08/06/2014 01:43:31 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13609
 
Error: (08/06/2014 01:43:31 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13609
 
Error: (08/06/2014 01:43:31 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/06/2014 01:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.1.0.0, time stamp: 0x521e80f5
Faulting module name: MurocApi.dll, version: 16.1.0.0, time stamp: 0x521e7ff7
Exception code: 0xc0000005
Fault offset: 0x0000000000026570
Faulting process id: 0x8c4
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5
 
Error: (08/05/2014 09:04:48 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12375
 
Error: (08/05/2014 09:04:48 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12375
 
Error: (08/05/2014 09:04:48 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/05/2014 09:04:46 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10922
 
Error: (08/05/2014 09:04:46 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10922
 
 
System errors:
=============
Error: (08/06/2014 01:52:18 PM) (Source: DCOM) (EventID: 10010) (User: blue)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (08/06/2014 01:50:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (08/06/2014 01:48:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/06/2014 01:47:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053
 
Error: (08/06/2014 01:47:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
 
Error: (08/06/2014 01:45:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:28:51 PM on ‎8/‎6/‎2014 was unexpected.
 
Error: (08/06/2014 01:13:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/06/2014 01:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/06/2014 00:40:21 PM) (Source: DCOM) (EventID: 10010) (User: blue)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (08/06/2014 00:38:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577
 
 
Microsoft Office Sessions:
=========================
Error: (08/06/2014 01:52:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425129001cfb1b858c3ade4C:\Users\davinderbajwa\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll9d0bc583-1dab-11e4-be8b-e0db55e36313
 
Error: (08/06/2014 01:43:31 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13609
 
Error: (08/06/2014 01:43:31 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13609
 
Error: (08/06/2014 01:43:31 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/06/2014 01:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.1.0.0521e80f5MurocApi.dll16.1.0.0521e7ff7c000000500000000000265708c401cfb1b28e4272beC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dlldab03da6-1da5-11e4-be8a-606c660e0709
 
Error: (08/05/2014 09:04:48 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12375
 
Error: (08/05/2014 09:04:48 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12375
 
Error: (08/05/2014 09:04:48 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/05/2014 09:04:46 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10922
 
Error: (08/05/2014 09:04:46 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10922
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-06 12:38:06.502
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 31%
Total physical RAM: 8073.27 MB
Available physical RAM: 5531.71 MB
Total Pagefile: 9417.27 MB
Available Pagefile: 6741.55 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.24 GB) (Free:872.07 GB) NTFS
Drive w: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:13.79 GB) (Free:0.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D429DF69)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Addition.txt

FRST.txt

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.