amirtha Posted August 7, 2015 ID:981857 Share Posted August 7, 2015 I got infected with a hijacker. I ran malwarebytes and it removed an infected program. I uninstalled the ask.com from my control panel. This seems to make it happen less often, but I'm still having the problem where I click on a link and a random advertisement will open up in a new tab. Except it's not random, it's usually the same ad for a computer cleaning program, haha.Please help!Thankyou!!Amirtha here is my text from running the farbar scan: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015Ran by Amirtha (administrator) on AMRLAPTOP (06-08-2015 21:18:41)Running from C:\Users\Amirtha\DownloadsLoaded Profiles: Amirtha (Available Profiles: Amirtha)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe() C:\Windows\SysWOW64\UMonit64.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSPanel.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe() C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSService.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\glcnd.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\wimserv.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-04-18] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\ASUSWSLoader.exe [63272 2015-02-12] ()HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Run: [GoogleChromeAutoLaunch_600696EEBA989FB199FFA71303940F4C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Run: [Google Update] => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-26] (Google Inc.)HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-03-25]ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-2597420283-1509548883-3541148938-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJBHKU\S-1-5-21-2597420283-1509548883-3541148938-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJBBHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No FileBHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cabDPF: HKLM-x32 {575AC44B-C254-48B4-8102-20F29D72A60E} https://access.erlanger.org/dsh/02020310/html/,DanaInfo=dashboard.smshealthconx.net,SSL+SMSDSHSETFOREGROUND.CABDPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.erlanger.org/dana-cached/sc/JuniperSetupClient.cabDPF: HKLM-x32 {FD0ECA0C-6403-48CB-91C0-6C73EF7771AA} https://access.erlanger.org/dsh/02020310/html/,DanaInfo=dashboard.smshealthconx.net,SSL+SMSDSHDOWNLOAD.CABHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-25] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{9E0DF1D1-B0D9-4E0F-AAFE-E3A5FCA26F3D}: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-25] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amirtha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @talk.google.com/O1DPlugin -> C:\Users\Amirtha\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Amirtha\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Amirtha\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-08-03] Chrome: =======CHR Profile: C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]CHR Extension: (Google Docs) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]CHR Extension: (Google Drive) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]CHR Extension: (YouTube) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]CHR Extension: (Google Cast) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-02]CHR Extension: (Adblock Plus) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-03]CHR Extension: (Norton Security Toolbar) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-06-30]CHR Extension: (Google Search) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-25]CHR Extension: (FlashFree) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmieckllmmifjjbipnppinpiohpfahm [2015-04-03]CHR Extension: (Google Sheets) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]CHR Extension: (AdBlock) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-03]CHR Extension: (LastPass: Free Password Manager) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-25]CHR Extension: (Norton Identity Safe) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-26]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]CHR Extension: (Flashcontrol) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-04-03]CHR Extension: (Ghostery) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-03]CHR Extension: (Chrome Web Store Payments) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]CHR Extension: (Adblock Pro) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-04-03]CHR Extension: (Gmail) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-26]CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crxCHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-26]CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-17] (Intel Corporation)R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-07] (Intel Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-27] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)S2 0238291429823418mcinstcleanup; C:\Windows\TEMP\023829~1.EXE -cleanup -nolog [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-03-31] (ASUS Corporation)S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-17] (Intel Corporation)R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-17] (Intel Corporation)R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-07] (Intel Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150805.001\IDSvia64.sys [692984 2015-07-01] (Symantec Corporation)R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-06] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150806.003\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150806.003\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-26] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)U0 msahci; system32\drivers\msahci.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-06 21:18 - 2015-08-06 21:18 - 00031214 _____ C:\Users\Amirtha\Downloads\FRST.txt2015-08-06 21:18 - 2015-08-06 21:18 - 00000000 ____D C:\FRST2015-08-06 21:16 - 2015-08-06 21:17 - 02170368 _____ (Farbar) C:\Users\Amirtha\Downloads\FRST64.exe2015-08-03 17:47 - 2015-08-03 17:47 - 00000407 _____ C:\Users\Amirtha\Downloads\Two_point_syncopation.mid2015-08-03 14:54 - 2015-08-03 14:54 - 00048679 _____ C:\Users\Amirtha\Downloads\Hep C Data 7 29 15.xlsx2015-08-03 14:54 - 2015-08-03 14:54 - 00001365 _____ C:\Users\Amirtha\Downloads\Hep C - upcoming appts 7 29 15.txt2015-08-03 14:54 - 2015-08-03 14:54 - 00000501 _____ C:\Users\Amirtha\Downloads\biopsy.txt2015-08-03 14:02 - 2015-08-06 20:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-08-03 14:02 - 2015-08-03 14:02 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-08-03 14:02 - 2015-08-03 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-03 14:02 - 2015-08-03 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes2015-08-03 14:02 - 2015-08-03 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-03 14:02 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-08-03 14:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-08-03 14:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-08-03 14:00 - 2015-08-03 14:00 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Amirtha\Downloads\mbam-setup-2.1.8.1057 (1).exe2015-08-03 13:20 - 2015-08-03 13:20 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Amirtha\Downloads\mbam-setup-2.1.8.1057.exe2015-08-01 06:52 - 2015-08-01 17:04 - 02097930 _____ C:\Users\Amirtha\Documents\AD excel_tutorial.xlsm2015-07-29 19:03 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll2015-07-29 19:03 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll2015-07-28 17:31 - 2015-07-28 17:31 - 00000000 ____D C:\Windows\System32\Tasks\Norton 3602015-07-28 13:15 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-07-26 15:28 - 2015-07-26 15:28 - 00081536 _____ C:\Users\Amirtha\Downloads\sent1to4.au2015-07-26 15:28 - 2015-07-26 15:28 - 00023834 _____ C:\Users\Amirtha\Downloads\sent2.au2015-07-26 14:20 - 2015-07-26 14:20 - 00001616 _____ C:\Users\Public\clientURLString.txt2015-07-26 14:19 - 2015-07-26 14:19 - 39334808 _____ (MyPublisher) C:\Users\Amirtha\Downloads\MyPublishersetup-USD-en-US (1).exe2015-07-26 13:49 - 2015-08-01 16:52 - 00000000 ____D C:\Program Files (x86)\MyPublisher2015-07-26 13:49 - 2015-07-26 13:49 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\MyPublisher2015-07-26 13:48 - 2015-07-26 13:49 - 20503688 _____ (MyPublisher) C:\Users\Amirtha\Downloads\MyPublishersetup-USD-en-US.exe2015-07-23 19:53 - 2015-07-23 19:53 - 00038665 _____ C:\Users\Amirtha\Downloads\Copy of Hep C Data 7.23.15.xlsx2015-07-23 19:53 - 2015-07-23 19:53 - 00001215 _____ C:\Users\Amirtha\Downloads\Hep C - upcoming appts 7.23.15.txt2015-07-22 17:32 - 2015-07-22 17:33 - 91931728 _____ (The GIMP Team ) C:\Users\Amirtha\Downloads\gimp-2.8.14-setup-1.exe2015-07-22 14:10 - 2015-08-04 12:52 - 00004986 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AmrLaptop-Amirtha AmrLaptop2015-07-22 14:07 - 2015-07-22 14:07 - 00000000 ___SD C:\Users\Amirtha\Documents\My Data Sources2015-07-21 15:20 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-07-21 15:20 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-07-21 15:20 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-07-21 15:20 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-07-20 23:45 - 2015-07-31 13:32 - 00000000 ____D C:\Users\Amirtha\AppData\Local\NPE2015-07-20 12:56 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2015-07-20 12:56 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2015-07-20 12:56 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2015-07-20 12:56 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2015-07-20 11:38 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2015-07-20 11:38 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-07-20 11:38 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-07-20 11:38 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-07-20 11:38 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-07-20 11:38 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-07-20 11:38 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-07-20 11:38 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll2015-07-20 11:38 - 2015-05-11 14:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys2015-07-20 11:38 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll2015-07-20 11:38 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2015-07-20 11:38 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll2015-07-20 11:38 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2015-07-20 11:38 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll2015-07-20 11:38 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll2015-07-20 11:38 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll2015-07-20 11:38 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll2015-07-20 11:38 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll2015-07-20 11:38 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-07-20 11:38 - 2015-05-01 19:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml2015-07-20 11:38 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll2015-07-20 11:38 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls2015-07-20 11:38 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls2015-07-20 11:38 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys2015-07-20 11:38 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys2015-07-20 11:38 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys2015-07-20 11:38 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys2015-07-20 11:38 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys2015-07-20 11:38 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys2015-07-20 11:38 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys2015-07-20 11:37 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2015-07-20 11:37 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2015-07-20 11:16 - 2015-07-20 11:16 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\Apple Computer2015-07-20 11:16 - 2015-07-20 11:16 - 00000000 ____D C:\Users\Amirtha\AppData\Local\Apple Computer2015-07-20 11:16 - 2015-07-20 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-07-20 11:15 - 2015-07-20 11:16 - 00000000 ____D C:\Program Files\iTunes2015-07-20 11:15 - 2015-07-20 11:15 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Users\Amirtha\AppData\Local\Apple2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\ProgramData\Apple Computer2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\ProgramData\Apple2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files\iPod2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files\Common Files\Apple2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files\Bonjour2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files (x86)\iTunes2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files (x86)\Bonjour2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update2015-07-20 11:12 - 2015-07-20 11:13 - 155875632 _____ (Apple Inc.) C:\Users\Amirtha\Downloads\iTunes6464Setup.exe2015-07-18 12:49 - 2015-07-18 12:49 - 02129748 _____ C:\Users\Amirtha\Downloads\excel_tutorial.xlsm2015-07-17 22:11 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-07-17 22:11 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-07-17 22:11 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-07-17 22:11 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-07-17 22:11 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-07-17 22:11 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2015-07-17 22:11 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-07-17 22:11 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-07-17 22:11 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-07-17 22:11 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-07-17 22:11 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-07-17 22:11 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-07-17 22:11 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-07-17 22:11 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-07-17 22:11 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-07-17 22:11 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-07-17 22:10 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-07-17 22:10 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-07-17 22:10 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-07-17 22:10 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-07-17 22:10 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-07-17 22:10 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-07-17 22:10 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-07-17 22:10 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-07-17 22:10 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-07-17 22:10 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-07-17 22:10 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-07-17 22:10 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-07-17 22:10 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2015-07-17 22:10 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-07-17 22:10 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2015-07-17 22:10 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2015-07-17 22:10 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2015-07-17 22:10 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2015-07-17 22:10 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2015-07-17 22:10 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-07-17 22:10 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-07-17 22:10 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2015-07-17 22:10 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-07-17 22:10 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-07-17 22:10 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe2015-07-17 22:10 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2015-07-17 22:10 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe2015-07-17 22:10 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2015-07-17 22:10 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-07-17 22:10 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-07-17 22:10 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll2015-07-17 22:10 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll2015-07-17 22:10 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2015-07-17 22:09 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll2015-07-17 22:09 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll2015-07-17 22:09 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-07-17 22:09 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-07-17 22:09 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-07-17 22:09 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-07-17 22:09 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2015-07-17 22:09 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-07-17 22:09 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-07-17 22:09 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2015-07-17 22:09 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-07-17 22:09 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-07-17 22:09 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-07-17 22:09 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-07-17 22:09 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-07-17 22:09 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-07-17 22:09 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-07-17 22:09 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-07-17 22:09 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-07-17 22:09 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-07-17 22:09 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-07-17 22:09 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-07-17 22:09 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2015-07-17 22:09 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-07-17 22:09 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-07-17 22:09 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-07-17 22:09 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-07-17 22:09 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-07-17 22:09 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-07-17 22:09 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-07-17 22:09 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-07-17 22:09 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-07-17 22:09 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2015-07-17 22:09 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-07-17 22:09 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-07-17 22:09 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2015-07-17 22:09 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2015-07-17 22:09 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll2015-07-10 09:39 - 2015-08-06 16:58 - 00000000 ___HD C:\$Windows.~BT2015-07-08 14:01 - 2015-08-01 17:05 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\Foxit Software ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-06 21:10 - 2015-04-26 05:54 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA.job2015-08-06 21:10 - 2015-04-26 05:54 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core.job2015-08-06 21:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru2015-08-06 20:33 - 2015-03-25 14:16 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-08-06 18:47 - 2014-11-09 03:47 - 01895006 _____ C:\Windows\WindowsUpdate.log2015-08-06 18:37 - 2015-03-25 13:48 - 00000094 _____ C:\Users\Amirtha\AppData\Roaming\sp_data.sys2015-08-06 17:00 - 2014-09-24 07:55 - 00000000 ____D C:\Windows\Panther2015-08-06 16:59 - 2015-03-25 13:57 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3E08DA1-F49A-4D07-B353-BBAC72CE1DE1}2015-08-06 16:35 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness2015-08-06 16:20 - 2014-03-18 06:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI2015-08-06 12:57 - 2015-05-12 14:43 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update12015-08-06 12:57 - 2015-05-12 14:43 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update22015-08-05 23:09 - 2015-03-25 13:53 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2597420283-1509548883-3541148938-10012015-08-05 22:16 - 2015-03-25 13:48 - 00000000 ____D C:\Users\Amirtha\AppData\Local\Packages2015-08-04 22:57 - 2015-04-18 21:19 - 00000000 ____D C:\Users\Amirtha\Documents\checkouts2015-08-03 14:42 - 2015-03-25 14:11 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\ASUS WebStorage2015-08-03 14:35 - 2014-03-18 05:54 - 00078702 _____ C:\Windows\PFRO.log2015-08-03 14:35 - 2014-03-18 05:45 - 00000000 ____D C:\Windows\ShellNew2015-08-03 14:35 - 2013-08-22 10:46 - 00034535 _____ C:\Windows\setupact.log2015-08-03 14:35 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-08-03 14:34 - 2014-11-09 03:51 - 14355186 _____ C:\Users\Public\CAFADEBUG.log2015-08-03 14:34 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI2015-08-03 14:33 - 2015-06-21 10:43 - 00000000 ____D C:\Users\Amirtha\Desktop\TipsAndTechniques2015-08-03 14:33 - 2015-04-26 06:07 - 00000000 ____D C:\ProgramData\APN2015-08-01 17:06 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP2015-08-01 17:03 - 2015-06-27 18:37 - 00000000 ____D C:\Users\Amirtha\Documents\step 32015-08-01 16:46 - 2015-06-21 10:31 - 00000000 ____D C:\Users\Amirtha\Documents\board review2015-08-01 16:46 - 2015-03-29 16:28 - 00000000 ____D C:\Users\Amirtha\Documents\Tax2015-08-01 16:20 - 2015-04-25 10:34 - 00000000 ____D C:\Users\Amirtha\AppData\Local\CrashDumps2015-07-29 19:04 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp2015-07-29 08:30 - 2015-03-25 15:34 - 01479168 ___SH C:\Users\Amirtha\Downloads\Thumbs.db2015-07-29 08:20 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM2015-07-28 17:26 - 2015-06-30 18:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602015-07-28 17:26 - 2015-04-26 16:16 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration2015-07-28 17:26 - 2015-04-26 16:16 - 00002259 _____ C:\Users\Public\Desktop\Norton 360.LNK2015-07-28 17:26 - 2015-04-26 16:16 - 00000000 ____D C:\Windows\system32\Drivers\N360x642015-07-28 13:54 - 2015-04-17 16:32 - 00361984 ___SH C:\Users\Amirtha\Desktop\Thumbs.db2015-07-26 16:34 - 2015-04-17 16:57 - 00242176 ___SH C:\Users\Amirtha\Documents\Thumbs.db2015-07-26 14:00 - 2015-04-26 16:16 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS2015-07-26 14:00 - 2015-04-26 16:16 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT2015-07-25 21:06 - 2015-04-04 23:14 - 00000000 ___SD C:\Windows\system32\GWX2015-07-25 18:12 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache2015-07-23 19:12 - 2015-03-25 15:20 - 00000000 ____D C:\Program Files\Microsoft Office 152015-07-23 19:11 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData2015-07-23 19:11 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore2015-07-23 19:11 - 2013-08-22 10:44 - 00481880 _____ C:\Windows\system32\FNTCACHE.DAT2015-07-22 18:05 - 2015-04-17 16:56 - 00000000 ____D C:\Users\Amirtha\Documents\ID2015-07-21 00:26 - 2015-04-26 15:46 - 00000000 ____D C:\ProgramData\Norton2015-07-20 12:54 - 2015-04-03 14:35 - 00000000 ____D C:\Windows\system32\appraiser2015-07-20 12:54 - 2015-03-25 15:43 - 00000000 ___SD C:\Windows\system32\CompatTel2015-07-20 12:54 - 2015-03-25 14:45 - 00000000 ____D C:\Windows\system32\MRT2015-07-20 12:51 - 2015-04-04 23:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX2015-07-15 21:05 - 2015-04-26 05:54 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA2015-07-15 21:05 - 2015-04-26 05:54 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core2015-07-15 20:28 - 2015-03-25 14:16 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-07-15 20:28 - 2015-03-25 14:16 - 00003662 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-07-15 20:28 - 2015-03-25 14:16 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-07-13 17:10 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-07-13 17:10 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-07-09 17:08 - 2015-03-25 14:50 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\iSkysoft2015-07-08 01:05 - 2015-04-03 14:31 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\VMware ==================== Files in the root of some directories ======= 2015-03-25 14:20 - 2015-03-25 14:20 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe2015-03-25 13:48 - 2015-08-06 18:37 - 0000094 _____ () C:\Users\Amirtha\AppData\Roaming\sp_data.sys2014-09-24 08:20 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd2014-09-24 08:20 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe2014-09-24 08:20 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Files to move or delete:====================C:\ProgramData\SetStretch.VBS ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-06 14:09 Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015Ran by Amirtha (2015-08-06 21:19:08)Running from C:\Users\Amirtha\DownloadsBoot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2597420283-1509548883-3541148938-500 - Administrator - Disabled)Amirtha (S-1-5-21-2597420283-1509548883-3541148938-1001 - Administrator - Enabled) => C:\Users\AmirthaGuest (S-1-5-21-2597420283-1509548883-3541148938-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2597420283-1509548883-3541148938-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS GIFTBOX Desktop (HKLM-x32\...\{9110969C-A4E5-4112-93A3-A8686BF7444C}) (Version: 1.0.2 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.3 - ASUS)ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.35.56 - Conexant)CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.1 - Genesys Logic)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) HiddenIntel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3910 - Intel Corporation)Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)Intel® Wireless Bluetooth®(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)iSkysoft PDF Editor(Build 4.0.1) (HKLM-x32\...\{4D91F5A1-EBFB-4735-8D51-BA8EA10407C4}_is1) (Version: 4.0.1.1 - iSkysoft Studio)iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.31481 - Juniper Networks)Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)NVIDIA Graphics Driver 333.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.02 - NVIDIA Corporation)NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) HiddenRealtek USB Fast Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D2B61BE0-B18B-4091-81B4-F234F4C30DFD}) (Version: 8.13.106.2014 - Realtek)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenWebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.0.496 - ASUS Cloud Corporation)WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)Windows Driver Package - ASUS (ATP) Mouse (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 28-07-2015 17:41:53 Windows Update01-08-2015 17:02:57 Removed VMware Horizon Client ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2015-05-02 23:50 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07E11E61-B05F-454C-98DA-09F353281631} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)Task: {21AAB683-0FA7-4896-BAA2-36E85A5483AB} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()Task: {31112FCF-FFBE-4A8F-A19A-AD9C84E24475} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-25] ()Task: {34ABDD7D-5EC9-4285-A962-66E3671FBF55} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)Task: {3E04A210-84AD-4718-82A9-C0CB664472BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)Task: {3ECF03B9-E70C-4D8A-B9E1-F93D12CAD6CF} - \ProPCCleaner_Popup No Task File <==== ATTENTIONTask: {46E5B7CD-AB5B-4192-919B-D3AFC8EA45A8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.)Task: {5DB393D4-0F04-4416-B263-773662D80B6C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)Task: {6736C0F6-BBA7-4474-8CDF-FA622CE215DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)Task: {6E97DBA5-4FF1-42EB-9B2F-08266CC86E30} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)Task: {6F8F2FEC-9FC0-4834-8883-8667951CEA8C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)Task: {71C881CE-67CA-4CCB-9627-CDA96E2913B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)Task: {74CE611A-A815-4475-A325-2A29DB0852BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)Task: {874FA9D7-AF5C-4E99-9D15-FA927795E404} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)Task: {9910D1D8-E3DC-4239-A2BA-771CC3C668ED} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)Task: {9CD71F32-EA36-497B-BFD4-510B0E828424} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)Task: {A1BE3552-7024-49C4-BFE9-9C267A31531E} - \ProPCCleaner_Start No Task File <==== ATTENTIONTask: {C79123E0-3B58-4E59-9E17-34AE707C1111} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)Task: {CF2A6C4E-4C27-424E-887F-37268A66495F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)Task: {D007BA91-40CE-4393-BEC0-3B4E47D00D9C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)Task: {E15EE38F-49FD-4B96-80DE-D879B8988540} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AmrLaptop-Amirtha AmrLaptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)Task: {E844DF20-238B-43E1-90D2-3EC9E326114F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)Task: {EB766905-223B-4F27-8179-84E2889E2217} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)Task: {EDC6E4C4-79E2-44D3-9230-5D720DE9BE46} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)Task: {FC11FC05-24E3-41AD-B4A9-F74AD815560E} - System32\Tasks\ASUS GIFTBOX Desktop => C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [2014-08-07] (ASUS)Task: {FC59D6FC-FD25-4A59-A220-FD0B15C7665C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core.job => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA.job => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-11-09 03:48 - 2014-04-08 17:06 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2015-03-25 14:48 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-03-25 15:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-12-04 12:44 - 2013-12-04 12:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe2013-12-04 12:44 - 2013-12-04 12:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll2013-12-04 12:44 - 2013-12-04 12:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll2015-03-25 15:21 - 2015-03-25 15:21 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-11-09 03:54 - 2014-02-25 23:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe2015-02-12 23:56 - 2015-02-12 23:56 - 01374504 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSService.exe2014-11-09 03:47 - 2013-12-09 19:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll2015-03-25 15:20 - 2015-03-25 15:21 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll2015-07-28 13:54 - 2015-07-25 04:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll2015-07-28 13:54 - 2015-07-25 04:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll2015-03-25 15:20 - 2015-03-25 15:20 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll2015-03-25 15:20 - 2015-03-25 15:20 - 00196264 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\IEAWSDC.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Amirtha\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Amirtha\Pictures\IMG_20150120_074117296.jpgDNS Servers: 192.168.1.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "BTMTrayAgent"HKLM\...\StartupApproved\Run: => "NvBackend"HKLM\...\StartupApproved\Run: => "SmartAudio"HKLM\...\StartupApproved\Run: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "ApnTBMon"HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_600696EEBA989FB199FFA71303940F4C" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{564A4039-5CE5-402F-8AD0-C0C53DDC38B7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{d05fc355-7378-4131-b023-8aa91373d69c}] => (Allow) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exeFirewallRules: [{4626103B-7061-43AC-AB38-DB80B71C057C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{CD8D5654-3D5F-454D-AE7F-4DCBF6A23CAE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{3BDE4E91-8E8E-4B1F-A277-53B26B7E155E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exeFirewallRules: [{8F79737D-65EE-4383-879C-DF3BEA8A4691}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exeFirewallRules: [{73D1543A-7CAE-4D5B-8337-D555B3F19CDA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{4C32EAE7-54FD-4E48-8160-12203E33E23E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exeFirewallRules: [{F7A50E78-F9AC-4053-A144-5497D535408E}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exeFirewallRules: [{A31D41C2-7737-4D2E-BC78-DCB29AD494E8}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exeFirewallRules: [{C7BA097B-0D59-4BB4-9C83-DDC9898BC8B4}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exeFirewallRules: [{CB2177EF-112F-42C5-86EA-9B849EECC46A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exeFirewallRules: [{343260F8-1AD6-456C-89F6-69E69901FDF9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{9E6151AC-D972-4B15-91C0-EF9911885F01}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exeFirewallRules: [{FCAB22D1-FF1D-408A-9C91-D6B4D3AFC924}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{2835F212-5CDF-44E5-9B1E-042B583F2C40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{5E4DFB9D-D633-47D0-B92F-F7CA9CC89F94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{6D91F745-31C8-4A64-B4F2-FAEC7F973F3E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{02CFB4C8-05D7-4446-A091-759E9464A8BD}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{2033691C-1471-49BE-96F2-758B1941E1EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/04/2015 08:12:29 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bbFaulting module name: MSHTML.dll, version: 11.0.9600.17924, time stamp: 0x5595ab25Exception code: 0xc0000005Fault offset: 0x00849bc6Faulting process id: 0xe94Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Faulting package full name: IEXPLORE.EXE4Faulting package-relative application ID: IEXPLORE.EXE5 Error: (08/03/2015 03:21:48 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bbFaulting module name: MSHTML.dll, version: 11.0.9600.17924, time stamp: 0x5595ab25Exception code: 0xc0000005Fault offset: 0x00649694Faulting process id: 0x1d18Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Faulting package full name: IEXPLORE.EXE4Faulting package-relative application ID: IEXPLORE.EXE5 Error: (08/03/2015 03:06:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/03/2015 02:10:34 PM) (Source: SideBySide) (EventID: 35) (User: )Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.Component identity found in manifest does not match the identity of the component requested.Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".Please use sxstrace.exe for detailed diagnosis. Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1672 Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1672 Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/03/2015 11:58:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/02/2015 10:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1078 Error: (08/02/2015 10:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1078 System errors:=============Error: (08/06/2015 07:46:42 PM) (Source: DCOM) (EventID: 10010) (User: AmrLaptop)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (08/06/2015 07:46:12 PM) (Source: DCOM) (EventID: 10010) (User: AmrLaptop)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (08/06/2015 02:10:22 PM) (Source: DCOM) (EventID: 10010) (User: AmrLaptop)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (08/06/2015 02:09:52 PM) (Source: DCOM) (EventID: 10010) (User: AmrLaptop)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (08/05/2015 11:13:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40. Error: (08/05/2015 10:17:22 PM) (Source: DCOM) (EventID: 10010) (User: AmrLaptop)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (08/04/2015 11:10:06 PM) (Source: DCOM) (EventID: 10010) (User: AmrLaptop)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (08/04/2015 06:53:00 PM) (Source: DCOM) (EventID: 10010) (User: AmrLaptop)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (08/03/2015 02:11:24 PM) (Source: DCOM) (EventID: 10010) (User: AmrLaptop)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (08/03/2015 02:10:54 PM) (Source: DCOM) (EventID: 10010) (User: AmrLaptop)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office:=========================Error: (08/04/2015 08:12:29 PM) (Source: Application Error) (EventID: 1000) (User: )Description: IEXPLORE.EXE11.0.9600.17840555fe1bbMSHTML.dll11.0.9600.179245595ab25c000000500849bc6e9401d0ceea5f074e5aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MSHTML.dlla831143e-3b06-11e5-8270-28b2bde0826e Error: (08/03/2015 03:21:48 PM) (Source: Application Error) (EventID: 1000) (User: )Description: IEXPLORE.EXE11.0.9600.17840555fe1bbMSHTML.dll11.0.9600.179245595ab25c0000005006496941d1801d0ce2143922461C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MSHTML.dlle26ab6d7-3a14-11e5-8270-28b2bde0826e Error: (08/03/2015 03:06:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/03/2015 02:10:34 PM) (Source: SideBySide) (EventID: 35) (User: )Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1 Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1672 Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1672 Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/03/2015 11:58:41 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/02/2015 10:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1078 Error: (08/02/2015 10:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1078 ==================== Memory info =========================== Processor: Intel® Core i7-4510U CPU @ 2.00GHzPercentage of memory in use: 47%Total physical RAM: 12176.91 MBAvailable physical RAM: 6368.27 MBTotal Virtual: 14096.91 MBAvailable Virtual: 6423.51 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:14.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (Data) (Fixed) (Total:130.86 GB) (Free:130.75 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 238.5 GB) (Disk ID: E63C06DC) Partition: GPT Partition Type. Link to post Share on other sites More sharing options...
MrCharlie Posted August 7, 2015 ID:981867 Share Posted August 7, 2015 Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe. Run FRST.exe/FRST64.exe and click Fix only once and wait The tool will create a log (Fixlog.txt) in the folder, please post it to your reply. ===================== Lets check for any adware/spyware now: Please download AdwCleaner from HERE or HERE to your desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program that may have been targeted by mistake.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Last.................. Please Update and run a Threat Scan (Malwarebytes) Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware Same for PUM (Potentially Unwanted Modifications) Quarantine All that's found Let me know how it is.....MrCfixlist.txt Link to post Share on other sites More sharing options...
amirtha Posted August 7, 2015 Author ID:981870 Share Posted August 7, 2015 I did this out of order, I hope I didn't mess up too much. I got the adwcleaner, and removed some file or the other from chrome. repeat malwarebytes scan didn't show anything. Then only did I download your attatchement and do a "fix' on frst64.but here are my logs:and thank you for doing this with me! Fix result of Farbar Recovery Scan Tool (x64) Version:06-08-2015Ran by Amirtha (2015-08-07 00:23:45) Run:1Running from C:\Users\Amirtha\DownloadsLoaded Profiles: Amirtha & (Available Profiles: Amirtha)Boot Mode: Normal============================================== fixlist content:*****************CreateRestorePoint:CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONBHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No FileCHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crxCHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crxCHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crxCHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crxS2 0238291429823418mcinstcleanup; C:\Windows\TEMP\023829~1.EXE -cleanup -nolog [X]U0 msahci; system32\drivers\msahci.sys [X]2014-09-24 08:20 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd2014-09-24 08:20 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe2014-09-24 08:20 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBSC:\ProgramData\SetStretch.VBSAlternateDataStreams: C:\Users\Amirtha\OneDrive:ms-properties***************** Restore point was successfully created."HKLM\SOFTWARE\Policies\Google" => key removed successfully"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully"HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => key removed successfully"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => key removed successfully"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully0238291429823418mcinstcleanup => service removed successfullymsahci => service removed successfullyC:\ProgramData\SetStretch.cmd => moved successfully.C:\ProgramData\SetStretch.exe => moved successfully.C:\ProgramData\SetStretch.VBS => moved successfully."C:\ProgramData\SetStretch.VBS" => File/Folder not found.C:\Users\Amirtha\OneDrive => ":ms-properties" ADS removed successfully. # AdwCleaner v4.208 - Logfile created 07/08/2015 at 00:14:56# Updated 09/07/2015 by Xplode# Database : 2015-08-01.1 [server]# Operating system : Windows 8.1 (x64)# Username : Amirtha - AMRLAPTOP# Running from : C:\Users\Amirtha\Downloads\AdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apnFile Deleted : C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorageFile Deleted : C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Google Chrome v44.0.2403.130 ************************* AdwCleaner[R0].txt - [1140 bytes] - [07/08/2015 00:06:56]AdwCleaner[R1].txt - [1199 bytes] - [07/08/2015 00:09:35]AdwCleaner[s0].txt - [1132 bytes] - [07/08/2015 00:14:56] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1191 bytes] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted August 7, 2015 ID:981964 Share Posted August 7, 2015 How is it??? Please re-scan with FRST and Make sure the Addition Box is checked. http://www.fixitpc.pl/picasso/images/malware/tools/frst/frst_win05.png Post or attach the 2 logs FRST.txt and Addition.txt MrC Link to post Share on other sites More sharing options...
amirtha Posted August 7, 2015 Author ID:981968 Share Posted August 7, 2015 sorry bout that, here is some more logs.ps, what are you looking for in the logs and where did you learn this stuff? I'll bet at least part of it was that you followed the instructions yourself instead of asking someone to help do it for you! Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015Ran by Amirtha (2015-08-07 08:51:08)Running from C:\Users\Amirtha\DownloadsBoot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2597420283-1509548883-3541148938-500 - Administrator - Disabled)Amirtha (S-1-5-21-2597420283-1509548883-3541148938-1001 - Administrator - Enabled) => C:\Users\AmirthaGuest (S-1-5-21-2597420283-1509548883-3541148938-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2597420283-1509548883-3541148938-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS GIFTBOX Desktop (HKLM-x32\...\{9110969C-A4E5-4112-93A3-A8686BF7444C}) (Version: 1.0.2 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.3 - ASUS)ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.35.56 - Conexant)CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.1 - Genesys Logic)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) HiddenIntel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3910 - Intel Corporation)Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)Intel® Wireless Bluetooth®(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)iSkysoft PDF Editor(Build 4.0.1) (HKLM-x32\...\{4D91F5A1-EBFB-4735-8D51-BA8EA10407C4}_is1) (Version: 4.0.1.1 - iSkysoft Studio)iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.31481 - Juniper Networks)Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)NVIDIA Graphics Driver 333.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.02 - NVIDIA Corporation)NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) HiddenRealtek USB Fast Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D2B61BE0-B18B-4091-81B4-F234F4C30DFD}) (Version: 8.13.106.2014 - Realtek)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenWebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.0.496 - ASUS Cloud Corporation)WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)Windows Driver Package - ASUS (ATP) Mouse (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 28-07-2015 17:41:53 Windows Update01-08-2015 17:02:57 Removed VMware Horizon Client07-08-2015 00:23:46 Restore Point Created by FRST ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2015-05-02 23:50 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07E11E61-B05F-454C-98DA-09F353281631} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)Task: {21AAB683-0FA7-4896-BAA2-36E85A5483AB} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()Task: {31112FCF-FFBE-4A8F-A19A-AD9C84E24475} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-25] ()Task: {34ABDD7D-5EC9-4285-A962-66E3671FBF55} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)Task: {3E04A210-84AD-4718-82A9-C0CB664472BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)Task: {3ECF03B9-E70C-4D8A-B9E1-F93D12CAD6CF} - \ProPCCleaner_Popup No Task File <==== ATTENTIONTask: {46E5B7CD-AB5B-4192-919B-D3AFC8EA45A8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.)Task: {5DB393D4-0F04-4416-B263-773662D80B6C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)Task: {6736C0F6-BBA7-4474-8CDF-FA622CE215DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)Task: {6E97DBA5-4FF1-42EB-9B2F-08266CC86E30} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)Task: {6F8F2FEC-9FC0-4834-8883-8667951CEA8C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)Task: {71C881CE-67CA-4CCB-9627-CDA96E2913B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)Task: {74CE611A-A815-4475-A325-2A29DB0852BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)Task: {874FA9D7-AF5C-4E99-9D15-FA927795E404} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)Task: {8B5DA54A-F3B4-472F-A76D-9FCD36E0FF77} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)Task: {9910D1D8-E3DC-4239-A2BA-771CC3C668ED} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)Task: {9CD71F32-EA36-497B-BFD4-510B0E828424} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)Task: {A1BE3552-7024-49C4-BFE9-9C267A31531E} - \ProPCCleaner_Start No Task File <==== ATTENTIONTask: {C79123E0-3B58-4E59-9E17-34AE707C1111} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)Task: {CF2A6C4E-4C27-424E-887F-37268A66495F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)Task: {E15EE38F-49FD-4B96-80DE-D879B8988540} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AmrLaptop-Amirtha AmrLaptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)Task: {E844DF20-238B-43E1-90D2-3EC9E326114F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)Task: {EB766905-223B-4F27-8179-84E2889E2217} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)Task: {EDC6E4C4-79E2-44D3-9230-5D720DE9BE46} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)Task: {FC11FC05-24E3-41AD-B4A9-F74AD815560E} - System32\Tasks\ASUS GIFTBOX Desktop => C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [2014-08-07] (ASUS)Task: {FC59D6FC-FD25-4A59-A220-FD0B15C7665C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core.job => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA.job => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-11-09 03:48 - 2014-04-08 17:06 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2015-03-25 14:48 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-03-25 15:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-12-04 12:44 - 2013-12-04 12:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe2013-12-04 12:44 - 2013-12-04 12:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll2013-12-04 12:44 - 2013-12-04 12:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll2015-03-25 15:21 - 2015-03-25 15:21 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-11-09 03:54 - 2014-02-25 23:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe2015-02-12 23:56 - 2015-02-12 23:56 - 01374504 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSService.exe2015-03-25 15:20 - 2015-03-25 15:21 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll2014-11-09 03:47 - 2013-12-09 19:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll2015-08-05 22:34 - 2015-07-31 02:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll2015-08-05 22:34 - 2015-07-31 02:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll2015-08-05 22:34 - 2015-07-31 02:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Amirtha\Pictures\IMG_20150120_074117296.jpgDNS Servers: 192.168.1.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "BTMTrayAgent"HKLM\...\StartupApproved\Run: => "NvBackend"HKLM\...\StartupApproved\Run: => "SmartAudio"HKLM\...\StartupApproved\Run: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "ApnTBMon"HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_600696EEBA989FB199FFA71303940F4C" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{564A4039-5CE5-402F-8AD0-C0C53DDC38B7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{d05fc355-7378-4131-b023-8aa91373d69c}] => (Allow) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exeFirewallRules: [{4626103B-7061-43AC-AB38-DB80B71C057C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{CD8D5654-3D5F-454D-AE7F-4DCBF6A23CAE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{3BDE4E91-8E8E-4B1F-A277-53B26B7E155E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exeFirewallRules: [{8F79737D-65EE-4383-879C-DF3BEA8A4691}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exeFirewallRules: [{73D1543A-7CAE-4D5B-8337-D555B3F19CDA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{4C32EAE7-54FD-4E48-8160-12203E33E23E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exeFirewallRules: [{F7A50E78-F9AC-4053-A144-5497D535408E}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exeFirewallRules: [{A31D41C2-7737-4D2E-BC78-DCB29AD494E8}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exeFirewallRules: [{C7BA097B-0D59-4BB4-9C83-DDC9898BC8B4}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exeFirewallRules: [{CB2177EF-112F-42C5-86EA-9B849EECC46A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exeFirewallRules: [{343260F8-1AD6-456C-89F6-69E69901FDF9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{9E6151AC-D972-4B15-91C0-EF9911885F01}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exeFirewallRules: [{FCAB22D1-FF1D-408A-9C91-D6B4D3AFC924}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{2835F212-5CDF-44E5-9B1E-042B583F2C40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{5E4DFB9D-D633-47D0-B92F-F7CA9CC89F94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{6D91F745-31C8-4A64-B4F2-FAEC7F973F3E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{02CFB4C8-05D7-4446-A091-759E9464A8BD}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{2033691C-1471-49BE-96F2-758B1941E1EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/07/2015 12:36:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/07/2015 12:23:46 AM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9966fa96-0eef-4d97-824b-a2147b9dfe4c} Error: (08/07/2015 12:15:18 AM) (Source: ISCTAgent) (EventID: 1000) (User: )Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n Error: (08/07/2015 12:15:18 AM) (Source: ISCTAgent) (EventID: 1000) (User: )Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n Error: (08/04/2015 08:12:29 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bbFaulting module name: MSHTML.dll, version: 11.0.9600.17924, time stamp: 0x5595ab25Exception code: 0xc0000005Fault offset: 0x00849bc6Faulting process id: 0xe94Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Faulting package full name: IEXPLORE.EXE4Faulting package-relative application ID: IEXPLORE.EXE5 Error: (08/03/2015 03:21:48 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bbFaulting module name: MSHTML.dll, version: 11.0.9600.17924, time stamp: 0x5595ab25Exception code: 0xc0000005Fault offset: 0x00649694Faulting process id: 0x1d18Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Faulting package full name: IEXPLORE.EXE4Faulting package-relative application ID: IEXPLORE.EXE5 Error: (08/03/2015 03:06:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/03/2015 02:10:34 PM) (Source: SideBySide) (EventID: 35) (User: )Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.Component identity found in manifest does not match the identity of the component requested.Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".Please use sxstrace.exe for detailed diagnosis. Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1672 Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1672 System errors:=============Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: %%1069 Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Search service failed to start due to the following error: %%1069 Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Search service failed to start due to the following error: %%1069 Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Juniper Network Connect Service service failed to start due to the following error: %%109 Error: (08/07/2015 12:15:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (08/07/2015 12:15:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (08/07/2015 12:15:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (08/07/2015 12:14:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s). Microsoft Office:=========================Error: (08/07/2015 12:36:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/07/2015 12:23:46 AM) (Source: VSS) (EventID: 8194) (User: )Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9966fa96-0eef-4d97-824b-a2147b9dfe4c} Error: (08/07/2015 12:15:18 AM) (Source: ISCTAgent) (EventID: 1000) (User: )Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n Error: (08/07/2015 12:15:18 AM) (Source: ISCTAgent) (EventID: 1000) (User: )Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n Error: (08/04/2015 08:12:29 PM) (Source: Application Error) (EventID: 1000) (User: )Description: IEXPLORE.EXE11.0.9600.17840555fe1bbMSHTML.dll11.0.9600.179245595ab25c000000500849bc6e9401d0ceea5f074e5aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MSHTML.dlla831143e-3b06-11e5-8270-28b2bde0826e Error: (08/03/2015 03:21:48 PM) (Source: Application Error) (EventID: 1000) (User: )Description: IEXPLORE.EXE11.0.9600.17840555fe1bbMSHTML.dll11.0.9600.179245595ab25c0000005006496941d1801d0ce2143922461C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MSHTML.dlle26ab6d7-3a14-11e5-8270-28b2bde0826e Error: (08/03/2015 03:06:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/03/2015 02:10:34 PM) (Source: SideBySide) (EventID: 35) (User: )Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1 Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1672 Error: (08/03/2015 01:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1672 ==================== Memory info =========================== Processor: Intel® Core i7-4510U CPU @ 2.00GHzPercentage of memory in use: 35%Total physical RAM: 12176.91 MBAvailable physical RAM: 7871.36 MBTotal Virtual: 14096.91 MBAvailable Virtual: 8945.89 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:14.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (Data) (Fixed) (Total:130.86 GB) (Free:130.75 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 238.5 GB) (Disk ID: E63C06DC) Partition: GPT Partition Type.Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015Ran by Amirtha (administrator) on AMRLAPTOP (07-08-2015 08:50:46)Running from C:\Users\Amirtha\DownloadsLoaded Profiles: Amirtha (Available Profiles: Amirtha)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe() C:\Windows\SysWOW64\UMonit64.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSPanel.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe() C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-04-18] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\ASUSWSLoader.exe [63272 2015-02-12] ()HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Run: [GoogleChromeAutoLaunch_600696EEBA989FB199FFA71303940F4C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Run: [Google Update] => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-26] (Google Inc.)HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-03-25]ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJBHKU\S-1-5-21-2597420283-1509548883-3541148938-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJBSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cabDPF: HKLM-x32 {575AC44B-C254-48B4-8102-20F29D72A60E} https://access.erlanger.org/dsh/02020310/html/,DanaInfo=dashboard.smshealthconx.net,SSL+SMSDSHSETFOREGROUND.CABDPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.erlanger.org/dana-cached/sc/JuniperSetupClient.cabDPF: HKLM-x32 {FD0ECA0C-6403-48CB-91C0-6C73EF7771AA} https://access.erlanger.org/dsh/02020310/html/,DanaInfo=dashboard.smshealthconx.net,SSL+SMSDSHDOWNLOAD.CABHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-25] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{9E0DF1D1-B0D9-4E0F-AAFE-E3A5FCA26F3D}: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-25] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amirtha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @talk.google.com/O1DPlugin -> C:\Users\Amirtha\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Amirtha\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Amirtha\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-08-07] Chrome: =======CHR Profile: C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]CHR Extension: (Google Docs) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]CHR Extension: (Google Drive) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]CHR Extension: (YouTube) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]CHR Extension: (Google Cast) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-02]CHR Extension: (Adblock Plus) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-03]CHR Extension: (Norton Security Toolbar) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-06-30]CHR Extension: (Google Search) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-25]CHR Extension: (FlashFree) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmieckllmmifjjbipnppinpiohpfahm [2015-04-03]CHR Extension: (Google Sheets) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]CHR Extension: (AdBlock) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-03]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]CHR Extension: (Flashcontrol) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-04-03]CHR Extension: (Ghostery) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-03]CHR Extension: (Chrome Web Store Payments) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]CHR Extension: (Adblock Pro) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-04-03]CHR Extension: (Gmail) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-26]CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-26] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-17] (Intel Corporation)R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-07] (Intel Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-27] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-03-31] (ASUS Corporation)S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-17] (Intel Corporation)R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-17] (Intel Corporation)R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-07] (Intel Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150806.001\IDSvia64.sys [692984 2015-07-01] (Symantec Corporation)R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-07] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150806.016\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150806.016\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-26] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-07 00:05 - 2015-08-07 00:14 - 00000000 ____D C:\AdwCleaner2015-08-07 00:05 - 2015-08-07 00:05 - 02248704 _____ C:\Users\Amirtha\Downloads\AdwCleaner.exe2015-08-06 21:19 - 2015-08-06 21:19 - 00030422 _____ C:\Users\Amirtha\Downloads\Addition.txt2015-08-06 21:18 - 2015-08-07 08:50 - 00029134 _____ C:\Users\Amirtha\Downloads\FRST.txt2015-08-06 21:18 - 2015-08-07 08:50 - 00000000 ____D C:\FRST2015-08-06 21:16 - 2015-08-06 21:17 - 02170368 _____ (Farbar) C:\Users\Amirtha\Downloads\FRST64.exe2015-08-03 17:47 - 2015-08-03 17:47 - 00000407 _____ C:\Users\Amirtha\Downloads\Two_point_syncopation.mid2015-08-03 14:54 - 2015-08-03 14:54 - 00048679 _____ C:\Users\Amirtha\Downloads\Hep C Data 7 29 15.xlsx2015-08-03 14:54 - 2015-08-03 14:54 - 00001365 _____ C:\Users\Amirtha\Downloads\Hep C - upcoming appts 7 29 15.txt2015-08-03 14:54 - 2015-08-03 14:54 - 00000501 _____ C:\Users\Amirtha\Downloads\biopsy.txt2015-08-03 14:02 - 2015-08-07 05:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-08-03 14:02 - 2015-08-03 14:02 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-08-03 14:02 - 2015-08-03 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-03 14:02 - 2015-08-03 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes2015-08-03 14:02 - 2015-08-03 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-03 14:02 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-08-03 14:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-08-03 14:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-08-03 14:00 - 2015-08-03 14:00 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Amirtha\Downloads\mbam-setup-2.1.8.1057 (1).exe2015-08-03 13:20 - 2015-08-03 13:20 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Amirtha\Downloads\mbam-setup-2.1.8.1057.exe2015-08-01 06:52 - 2015-08-01 17:04 - 02097930 _____ C:\Users\Amirtha\Documents\AD excel_tutorial.xlsm2015-07-29 19:03 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll2015-07-29 19:03 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll2015-07-28 17:31 - 2015-07-28 17:31 - 00000000 ____D C:\Windows\System32\Tasks\Norton 3602015-07-28 13:15 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-07-26 15:28 - 2015-07-26 15:28 - 00081536 _____ C:\Users\Amirtha\Downloads\sent1to4.au2015-07-26 15:28 - 2015-07-26 15:28 - 00023834 _____ C:\Users\Amirtha\Downloads\sent2.au2015-07-26 14:20 - 2015-07-26 14:20 - 00001616 _____ C:\Users\Public\clientURLString.txt2015-07-26 14:19 - 2015-07-26 14:19 - 39334808 _____ (MyPublisher) C:\Users\Amirtha\Downloads\MyPublishersetup-USD-en-US (1).exe2015-07-26 13:49 - 2015-08-01 16:52 - 00000000 ____D C:\Program Files (x86)\MyPublisher2015-07-26 13:49 - 2015-07-26 13:49 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\MyPublisher2015-07-26 13:48 - 2015-07-26 13:49 - 20503688 _____ (MyPublisher) C:\Users\Amirtha\Downloads\MyPublishersetup-USD-en-US.exe2015-07-23 19:53 - 2015-07-23 19:53 - 00038665 _____ C:\Users\Amirtha\Downloads\Copy of Hep C Data 7.23.15.xlsx2015-07-23 19:53 - 2015-07-23 19:53 - 00001215 _____ C:\Users\Amirtha\Downloads\Hep C - upcoming appts 7.23.15.txt2015-07-22 17:32 - 2015-07-22 17:33 - 91931728 _____ (The GIMP Team ) C:\Users\Amirtha\Downloads\gimp-2.8.14-setup-1.exe2015-07-22 14:10 - 2015-08-04 12:52 - 00004986 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AmrLaptop-Amirtha AmrLaptop2015-07-22 14:07 - 2015-07-22 14:07 - 00000000 ___SD C:\Users\Amirtha\Documents\My Data Sources2015-07-21 15:20 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-07-21 15:20 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-07-21 15:20 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-07-21 15:20 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-07-20 23:45 - 2015-07-31 13:32 - 00000000 ____D C:\Users\Amirtha\AppData\Local\NPE2015-07-20 12:56 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2015-07-20 12:56 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2015-07-20 12:56 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2015-07-20 12:56 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2015-07-20 11:38 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2015-07-20 11:38 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-07-20 11:38 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-07-20 11:38 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-07-20 11:38 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-07-20 11:38 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-07-20 11:38 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-07-20 11:38 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll2015-07-20 11:38 - 2015-05-11 14:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys2015-07-20 11:38 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll2015-07-20 11:38 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2015-07-20 11:38 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll2015-07-20 11:38 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2015-07-20 11:38 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll2015-07-20 11:38 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll2015-07-20 11:38 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll2015-07-20 11:38 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll2015-07-20 11:38 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll2015-07-20 11:38 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-07-20 11:38 - 2015-05-01 19:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml2015-07-20 11:38 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll2015-07-20 11:38 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls2015-07-20 11:38 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls2015-07-20 11:38 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys2015-07-20 11:38 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys2015-07-20 11:38 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys2015-07-20 11:38 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys2015-07-20 11:38 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys2015-07-20 11:38 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys2015-07-20 11:38 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys2015-07-20 11:37 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2015-07-20 11:37 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2015-07-20 11:16 - 2015-07-20 11:16 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\Apple Computer2015-07-20 11:16 - 2015-07-20 11:16 - 00000000 ____D C:\Users\Amirtha\AppData\Local\Apple Computer2015-07-20 11:16 - 2015-07-20 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-07-20 11:15 - 2015-07-20 11:16 - 00000000 ____D C:\Program Files\iTunes2015-07-20 11:15 - 2015-07-20 11:15 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Users\Amirtha\AppData\Local\Apple2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\ProgramData\Apple Computer2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\ProgramData\Apple2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files\iPod2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files\Common Files\Apple2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files\Bonjour2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files (x86)\iTunes2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files (x86)\Bonjour2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update2015-07-20 11:12 - 2015-07-20 11:13 - 155875632 _____ (Apple Inc.) C:\Users\Amirtha\Downloads\iTunes6464Setup.exe2015-07-18 12:49 - 2015-07-18 12:49 - 02129748 _____ C:\Users\Amirtha\Downloads\excel_tutorial.xlsm2015-07-17 22:11 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-07-17 22:11 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-07-17 22:11 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-07-17 22:11 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-07-17 22:11 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-07-17 22:11 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2015-07-17 22:11 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-07-17 22:11 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-07-17 22:11 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-07-17 22:11 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-07-17 22:11 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-07-17 22:11 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-07-17 22:11 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-07-17 22:11 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-07-17 22:11 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-07-17 22:11 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-07-17 22:10 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-07-17 22:10 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-07-17 22:10 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-07-17 22:10 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-07-17 22:10 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-07-17 22:10 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-07-17 22:10 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-07-17 22:10 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-07-17 22:10 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-07-17 22:10 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-07-17 22:10 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-07-17 22:10 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-07-17 22:10 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2015-07-17 22:10 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-07-17 22:10 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2015-07-17 22:10 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2015-07-17 22:10 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2015-07-17 22:10 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2015-07-17 22:10 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2015-07-17 22:10 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-07-17 22:10 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-07-17 22:10 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2015-07-17 22:10 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-07-17 22:10 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-07-17 22:10 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe2015-07-17 22:10 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2015-07-17 22:10 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe2015-07-17 22:10 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2015-07-17 22:10 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-07-17 22:10 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-07-17 22:10 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll2015-07-17 22:10 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll2015-07-17 22:10 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2015-07-17 22:09 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll2015-07-17 22:09 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll2015-07-17 22:09 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-07-17 22:09 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-07-17 22:09 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-07-17 22:09 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-07-17 22:09 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2015-07-17 22:09 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-07-17 22:09 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-07-17 22:09 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2015-07-17 22:09 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-07-17 22:09 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-07-17 22:09 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-07-17 22:09 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-07-17 22:09 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-07-17 22:09 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-07-17 22:09 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-07-17 22:09 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-07-17 22:09 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-07-17 22:09 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-07-17 22:09 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-07-17 22:09 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-07-17 22:09 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2015-07-17 22:09 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-07-17 22:09 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-07-17 22:09 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-07-17 22:09 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-07-17 22:09 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-07-17 22:09 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-07-17 22:09 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-07-17 22:09 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-07-17 22:09 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-07-17 22:09 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2015-07-17 22:09 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-07-17 22:09 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-07-17 22:09 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2015-07-17 22:09 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2015-07-17 22:09 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll2015-07-10 09:39 - 2015-08-06 16:58 - 00000000 ___HD C:\$Windows.~BT2015-07-08 14:01 - 2015-08-01 17:05 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\Foxit Software ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-07 08:36 - 2015-03-25 13:48 - 00000094 _____ C:\Users\Amirtha\AppData\Roaming\sp_data.sys2015-08-07 08:36 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru2015-08-07 06:10 - 2015-04-26 05:54 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA.job2015-08-07 05:39 - 2015-03-25 13:57 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3E08DA1-F49A-4D07-B353-BBAC72CE1DE1}2015-08-07 05:05 - 2014-03-18 06:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI2015-08-07 00:33 - 2014-11-09 03:47 - 01906312 _____ C:\Windows\WindowsUpdate.log2015-08-07 00:22 - 2015-03-25 14:11 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\ASUS WebStorage2015-08-07 00:16 - 2015-03-25 14:16 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-08-07 00:16 - 2014-03-18 05:54 - 00079044 _____ C:\Windows\PFRO.log2015-08-07 00:16 - 2013-08-22 10:46 - 00034792 _____ C:\Windows\setupact.log2015-08-07 00:16 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-08-07 00:16 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM2015-08-07 00:15 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI2015-08-07 00:14 - 2015-06-21 10:43 - 00000000 ____D C:\Users\Amirtha\Desktop\TipsAndTechniques2015-08-07 00:14 - 2014-11-09 03:51 - 14399814 _____ C:\Users\Public\CAFADEBUG.log2015-08-06 21:10 - 2015-04-26 05:54 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core.job2015-08-06 17:00 - 2014-09-24 07:55 - 00000000 ____D C:\Windows\Panther2015-08-06 16:35 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness2015-08-06 12:57 - 2015-05-12 14:43 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update12015-08-06 12:57 - 2015-05-12 14:43 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update22015-08-05 23:09 - 2015-03-25 13:53 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2597420283-1509548883-3541148938-10012015-08-05 22:16 - 2015-03-25 13:48 - 00000000 ____D C:\Users\Amirtha\AppData\Local\Packages2015-08-04 22:57 - 2015-04-18 21:19 - 00000000 ____D C:\Users\Amirtha\Documents\checkouts2015-08-03 14:35 - 2014-03-18 05:45 - 00000000 ____D C:\Windows\ShellNew2015-08-01 17:06 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP2015-08-01 17:03 - 2015-06-27 18:37 - 00000000 ____D C:\Users\Amirtha\Documents\step 32015-08-01 16:46 - 2015-06-21 10:31 - 00000000 ____D C:\Users\Amirtha\Documents\board review2015-08-01 16:46 - 2015-03-29 16:28 - 00000000 ____D C:\Users\Amirtha\Documents\Tax2015-08-01 16:20 - 2015-04-25 10:34 - 00000000 ____D C:\Users\Amirtha\AppData\Local\CrashDumps2015-07-29 19:04 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp2015-07-29 08:30 - 2015-03-25 15:34 - 01479168 ___SH C:\Users\Amirtha\Downloads\Thumbs.db2015-07-28 17:26 - 2015-06-30 18:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602015-07-28 17:26 - 2015-04-26 16:16 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration2015-07-28 17:26 - 2015-04-26 16:16 - 00002259 _____ C:\Users\Public\Desktop\Norton 360.LNK2015-07-28 17:26 - 2015-04-26 16:16 - 00000000 ____D C:\Windows\system32\Drivers\N360x642015-07-28 13:54 - 2015-04-17 16:32 - 00361984 ___SH C:\Users\Amirtha\Desktop\Thumbs.db2015-07-26 16:34 - 2015-04-17 16:57 - 00242176 ___SH C:\Users\Amirtha\Documents\Thumbs.db2015-07-26 14:00 - 2015-04-26 16:16 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS2015-07-26 14:00 - 2015-04-26 16:16 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT2015-07-25 21:06 - 2015-04-04 23:14 - 00000000 ___SD C:\Windows\system32\GWX2015-07-25 18:12 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache2015-07-23 19:12 - 2015-03-25 15:20 - 00000000 ____D C:\Program Files\Microsoft Office 152015-07-23 19:11 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData2015-07-23 19:11 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore2015-07-23 19:11 - 2013-08-22 10:44 - 00481880 _____ C:\Windows\system32\FNTCACHE.DAT2015-07-22 18:05 - 2015-04-17 16:56 - 00000000 ____D C:\Users\Amirtha\Documents\ID2015-07-21 00:26 - 2015-04-26 15:46 - 00000000 ____D C:\ProgramData\Norton2015-07-20 12:54 - 2015-04-03 14:35 - 00000000 ____D C:\Windows\system32\appraiser2015-07-20 12:54 - 2015-03-25 15:43 - 00000000 ___SD C:\Windows\system32\CompatTel2015-07-20 12:54 - 2015-03-25 14:45 - 00000000 ____D C:\Windows\system32\MRT2015-07-20 12:51 - 2015-04-04 23:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX2015-07-15 21:05 - 2015-04-26 05:54 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA2015-07-15 21:05 - 2015-04-26 05:54 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core2015-07-15 20:28 - 2015-03-25 14:16 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-07-15 20:28 - 2015-03-25 14:16 - 00003662 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-07-15 20:28 - 2015-03-25 14:16 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-07-13 17:10 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-07-13 17:10 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-07-09 17:08 - 2015-03-25 14:50 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\iSkysoft2015-07-08 01:05 - 2015-04-03 14:31 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\VMware ==================== Files in the root of some directories ======= 2015-03-25 14:20 - 2015-03-25 14:20 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe2015-03-25 13:48 - 2015-08-07 08:36 - 0000094 _____ () C:\Users\Amirtha\AppData\Roaming\sp_data.sys Some files in TEMP:====================C:\Users\Amirtha\AppData\Local\Temp\Quarantine.exeC:\Users\Amirtha\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-06 14:09 Link to post Share on other sites More sharing options...
MrCharlie Posted August 7, 2015 ID:982003 Share Posted August 7, 2015 The logs look OK, are you still being hijacked???? MrC Link to post Share on other sites More sharing options...
amirtha Posted August 7, 2015 Author ID:982008 Share Posted August 7, 2015 No, I guess it hasn't happened lately. I'll have to see today as it pops up randomly. But so far so good. Thank you! Link to post Share on other sites More sharing options...
MrCharlie Posted August 7, 2015 ID:982021 Share Posted August 7, 2015 OK...let me know so we can clean up all the logs and tools. MrC Link to post Share on other sites More sharing options...
amirtha Posted August 7, 2015 Author ID:982023 Share Posted August 7, 2015 I think it's good! Is there more to do? Link to post Share on other sites More sharing options...
MrCharlie Posted August 7, 2015 ID:982024 Share Posted August 7, 2015 Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get Unsupported operating system. Aborting now, just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.If you can't post it, attach itMrC Link to post Share on other sites More sharing options...
amirtha Posted August 7, 2015 Author ID:982025 Share Posted August 7, 2015 Results of screen317's Security Check version 1.006 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton 360 Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 45 Java version 32-bit out of Date! Google Chrome (44.0.2403.125) Google Chrome (44.0.2403.130) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
MrCharlie Posted August 7, 2015 ID:982030 Share Posted August 7, 2015 Out dated programs on the system are vulnerable to malware.Please update or uninstall them:============================Java 8 Update 45Java version 32-bit out of Date! <----please update, should be Java 8 Update 51Go to control panel > Java > Update Tab > Update NowUncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".If there's no update tab in Java, uninstall it and Download and install the latest version from HereUncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".==========================A little clean up to do....Please Uninstall ComboFix: (------->if you used it<-------)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter. (it may look like CF is re-installing but it's not)This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)---------------------------------Download Delfix from here and save it to your desktop. (you may already have this)Ensure Remove disinfection tools is checked.Click the Run button.RebootAny other programs or logs that are still remaining, you can manually delete. (right click.....Delete)-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
amirtha Posted August 9, 2015 Author ID:982209 Share Posted August 9, 2015 I updated Java, but I didn't see any box to uncheck.Now I'm getting the pop-ups again, and and these extra hyperlinks everywherekeeps opening new tabs about pc keeper. Link to post Share on other sites More sharing options...
MrCharlie Posted August 9, 2015 ID:982210 Share Posted August 9, 2015 What browser does this happen???? Please re-scan with FRST and Make sure the Addition Box is checked. http://www.fixitpc.pl/picasso/images/malware/tools/frst/frst_win05.png Post or attach the 2 logs FRST.txt and Addition.txt MrC Link to post Share on other sites More sharing options...
amirtha Posted August 9, 2015 Author ID:982212 Share Posted August 9, 2015 I'm using chrome. Last time I removed the Ask-toolbar it removed the weird hyperlinks, but I'm not seeing it installed Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015Ran by Amirtha (administrator) on AMRLAPTOP (08-08-2015 21:47:26)Running from C:\Users\Amirtha\DownloadsLoaded Profiles: Amirtha (Available Profiles: Amirtha)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe() C:\Windows\SysWOW64\UMonit64.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSPanel.exe() C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() C:\Users\Amirtha\Downloads\securitycheck.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\glcnd.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe(Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{F5441321-F9A3-4349-ACD6-9837EB6E6635}\YSearchUtilSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-04-18] (Conexant Systems, Inc.)HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\ASUSWSLoader.exe [63272 2015-02-12] ()HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Run: [GoogleChromeAutoLaunch_600696EEBA989FB199FFA71303940F4C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Run: [Google Update] => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-26] (Google Inc.)HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-03-25]ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpsetHKU\S-1-5-21-2597420283-1509548883-3541148938-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJBSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001 -> {F821A98E-EAE1-4435-A62C-0255B88911CC} URL = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_defaultBHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-08] (Oracle Corporation)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-08] (Oracle Corporation)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cabDPF: HKLM-x32 {575AC44B-C254-48B4-8102-20F29D72A60E} https://access.erlanger.org/dsh/02020310/html/,DanaInfo=dashboard.smshealthconx.net,SSL+SMSDSHSETFOREGROUND.CABDPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.erlanger.org/dana-cached/sc/JuniperSetupClient.cabDPF: HKLM-x32 {FD0ECA0C-6403-48CB-91C0-6C73EF7771AA} https://access.erlanger.org/dsh/02020310/html/,DanaInfo=dashboard.smshealthconx.net,SSL+SMSDSHDOWNLOAD.CABHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-25] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{9E0DF1D1-B0D9-4E0F-AAFE-E3A5FCA26F3D}: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-08] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-08] (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-25] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amirtha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @talk.google.com/O1DPlugin -> C:\Users\Amirtha\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin HKU\S-1-5-21-2597420283-1509548883-3541148938-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Amirtha\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Amirtha\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-08-07] Chrome: =======CHR Profile: C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]CHR Extension: (Google Docs) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]CHR Extension: (Google Drive) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]CHR Extension: (YouTube) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]CHR Extension: (Google Cast) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-08-02]CHR Extension: (Adblock Plus) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-03]CHR Extension: (Norton Security Toolbar) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-06-30]CHR Extension: (Google Search) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-25]CHR Extension: (FlashFree) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmieckllmmifjjbipnppinpiohpfahm [2015-04-03]CHR Extension: (Google Sheets) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]CHR Extension: (AdBlock) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-03]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]CHR Extension: (Flashcontrol) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-04-03]CHR Extension: (Ghostery) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-03]CHR Extension: (Chrome Web Store Payments) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]CHR Extension: (Adblock Pro) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-04-03]CHR Extension: (Gmail) - C:\Users\Amirtha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-26]CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-26]CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-17] (Intel Corporation)R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-07] (Intel Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-08-27] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{F5441321-F9A3-4349-ACD6-9837EB6E6635}\YSearchUtilSvc.exe [152344 2015-06-29] (Yahoo Inc.)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-03-31] (ASUS Corporation)S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150728.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-17] (Intel Corporation)R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-17] (Intel Corporation)R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-07] (Intel Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150807.001\IDSvia64.sys [692984 2015-07-01] (Symantec Corporation)R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-08] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150808.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150808.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-26] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-08 21:19 - 2015-08-08 21:19 - 00000000 ____D C:\Users\Amirtha\AppData\Local\YSearchUtil2015-08-08 21:19 - 2015-08-08 21:19 - 00000000 ____D C:\Program Files (x86)\Yahoo!2015-08-07 15:16 - 2015-08-07 15:16 - 00852684 _____ C:\Users\Amirtha\Downloads\securitycheck.exe2015-08-07 00:05 - 2015-08-07 00:14 - 00000000 ____D C:\AdwCleaner2015-08-07 00:05 - 2015-08-07 00:05 - 02248704 _____ C:\Users\Amirtha\Downloads\AdwCleaner.exe2015-08-06 21:19 - 2015-08-07 08:51 - 00032036 _____ C:\Users\Amirtha\Downloads\Addition.txt2015-08-06 21:18 - 2015-08-08 21:47 - 00030790 _____ C:\Users\Amirtha\Downloads\FRST.txt2015-08-06 21:18 - 2015-08-08 21:47 - 00000000 ____D C:\FRST2015-08-06 21:16 - 2015-08-06 21:17 - 02170368 _____ (Farbar) C:\Users\Amirtha\Downloads\FRST64.exe2015-08-03 17:47 - 2015-08-03 17:47 - 00000407 _____ C:\Users\Amirtha\Downloads\Two_point_syncopation.mid2015-08-03 14:54 - 2015-08-03 14:54 - 00048679 _____ C:\Users\Amirtha\Downloads\Hep C Data 7 29 15.xlsx2015-08-03 14:54 - 2015-08-03 14:54 - 00001365 _____ C:\Users\Amirtha\Downloads\Hep C - upcoming appts 7 29 15.txt2015-08-03 14:54 - 2015-08-03 14:54 - 00000501 _____ C:\Users\Amirtha\Downloads\biopsy.txt2015-08-03 14:02 - 2015-08-08 20:40 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-08-03 14:02 - 2015-08-03 14:02 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-08-03 14:02 - 2015-08-03 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-03 14:02 - 2015-08-03 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes2015-08-03 14:02 - 2015-08-03 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-03 14:02 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-08-03 14:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-08-03 14:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-08-03 14:00 - 2015-08-03 14:00 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Amirtha\Downloads\mbam-setup-2.1.8.1057 (1).exe2015-08-03 13:20 - 2015-08-03 13:20 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Amirtha\Downloads\mbam-setup-2.1.8.1057.exe2015-08-01 06:52 - 2015-08-01 17:04 - 02097930 _____ C:\Users\Amirtha\Documents\AD excel_tutorial.xlsm2015-07-29 19:03 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll2015-07-29 19:03 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll2015-07-28 17:31 - 2015-07-28 17:31 - 00000000 ____D C:\Windows\System32\Tasks\Norton 3602015-07-28 13:15 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-07-26 15:28 - 2015-07-26 15:28 - 00081536 _____ C:\Users\Amirtha\Downloads\sent1to4.au2015-07-26 15:28 - 2015-07-26 15:28 - 00023834 _____ C:\Users\Amirtha\Downloads\sent2.au2015-07-26 14:20 - 2015-07-26 14:20 - 00001616 _____ C:\Users\Public\clientURLString.txt2015-07-26 14:19 - 2015-07-26 14:19 - 39334808 _____ (MyPublisher) C:\Users\Amirtha\Downloads\MyPublishersetup-USD-en-US (1).exe2015-07-26 13:49 - 2015-08-01 16:52 - 00000000 ____D C:\Program Files (x86)\MyPublisher2015-07-26 13:49 - 2015-07-26 13:49 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\MyPublisher2015-07-26 13:48 - 2015-07-26 13:49 - 20503688 _____ (MyPublisher) C:\Users\Amirtha\Downloads\MyPublishersetup-USD-en-US.exe2015-07-23 19:53 - 2015-07-23 19:53 - 00038665 _____ C:\Users\Amirtha\Downloads\Copy of Hep C Data 7.23.15.xlsx2015-07-23 19:53 - 2015-07-23 19:53 - 00001215 _____ C:\Users\Amirtha\Downloads\Hep C - upcoming appts 7.23.15.txt2015-07-22 17:32 - 2015-07-22 17:33 - 91931728 _____ (The GIMP Team ) C:\Users\Amirtha\Downloads\gimp-2.8.14-setup-1.exe2015-07-22 14:10 - 2015-08-04 12:52 - 00004986 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AmrLaptop-Amirtha AmrLaptop2015-07-22 14:07 - 2015-07-22 14:07 - 00000000 ___SD C:\Users\Amirtha\Documents\My Data Sources2015-07-21 15:20 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-07-21 15:20 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-07-21 15:20 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-07-21 15:20 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-07-20 23:45 - 2015-07-31 13:32 - 00000000 ____D C:\Users\Amirtha\AppData\Local\NPE2015-07-20 12:56 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2015-07-20 12:56 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2015-07-20 12:56 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2015-07-20 12:56 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2015-07-20 11:38 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2015-07-20 11:38 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-07-20 11:38 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-07-20 11:38 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-07-20 11:38 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-07-20 11:38 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-07-20 11:38 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-07-20 11:38 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll2015-07-20 11:38 - 2015-05-11 14:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys2015-07-20 11:38 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll2015-07-20 11:38 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2015-07-20 11:38 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll2015-07-20 11:38 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2015-07-20 11:38 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll2015-07-20 11:38 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll2015-07-20 11:38 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll2015-07-20 11:38 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll2015-07-20 11:38 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll2015-07-20 11:38 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-07-20 11:38 - 2015-05-01 19:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml2015-07-20 11:38 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll2015-07-20 11:38 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls2015-07-20 11:38 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls2015-07-20 11:38 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys2015-07-20 11:38 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys2015-07-20 11:38 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys2015-07-20 11:38 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys2015-07-20 11:38 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys2015-07-20 11:38 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys2015-07-20 11:38 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys2015-07-20 11:37 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2015-07-20 11:37 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2015-07-20 11:16 - 2015-07-20 11:16 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\Apple Computer2015-07-20 11:16 - 2015-07-20 11:16 - 00000000 ____D C:\Users\Amirtha\AppData\Local\Apple Computer2015-07-20 11:16 - 2015-07-20 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-07-20 11:15 - 2015-07-20 11:16 - 00000000 ____D C:\Program Files\iTunes2015-07-20 11:15 - 2015-07-20 11:15 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Users\Amirtha\AppData\Local\Apple2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\ProgramData\Apple Computer2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\ProgramData\Apple2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files\iPod2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files\Common Files\Apple2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files\Bonjour2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files (x86)\iTunes2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files (x86)\Bonjour2015-07-20 11:15 - 2015-07-20 11:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update2015-07-20 11:12 - 2015-07-20 11:13 - 155875632 _____ (Apple Inc.) C:\Users\Amirtha\Downloads\iTunes6464Setup.exe2015-07-18 12:49 - 2015-07-18 12:49 - 02129748 _____ C:\Users\Amirtha\Downloads\excel_tutorial.xlsm2015-07-17 22:11 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-07-17 22:11 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-07-17 22:11 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-07-17 22:11 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-07-17 22:11 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-07-17 22:11 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2015-07-17 22:11 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-07-17 22:11 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-07-17 22:11 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-07-17 22:11 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-07-17 22:11 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-07-17 22:11 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-07-17 22:11 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-07-17 22:11 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-07-17 22:11 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-07-17 22:11 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-07-17 22:10 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-07-17 22:10 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-07-17 22:10 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-07-17 22:10 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-07-17 22:10 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-07-17 22:10 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-07-17 22:10 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-07-17 22:10 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-07-17 22:10 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-07-17 22:10 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-07-17 22:10 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-07-17 22:10 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-07-17 22:10 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2015-07-17 22:10 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-07-17 22:10 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2015-07-17 22:10 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2015-07-17 22:10 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2015-07-17 22:10 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2015-07-17 22:10 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2015-07-17 22:10 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-07-17 22:10 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-07-17 22:10 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2015-07-17 22:10 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-07-17 22:10 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-07-17 22:10 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe2015-07-17 22:10 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2015-07-17 22:10 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe2015-07-17 22:10 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2015-07-17 22:10 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-07-17 22:10 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-07-17 22:10 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll2015-07-17 22:10 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll2015-07-17 22:10 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2015-07-17 22:09 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll2015-07-17 22:09 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll2015-07-17 22:09 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-07-17 22:09 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-07-17 22:09 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-07-17 22:09 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-07-17 22:09 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2015-07-17 22:09 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-07-17 22:09 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-07-17 22:09 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2015-07-17 22:09 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-07-17 22:09 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-07-17 22:09 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-07-17 22:09 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-07-17 22:09 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-07-17 22:09 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-07-17 22:09 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-07-17 22:09 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-07-17 22:09 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-07-17 22:09 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-07-17 22:09 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-07-17 22:09 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-07-17 22:09 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2015-07-17 22:09 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-07-17 22:09 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-07-17 22:09 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-07-17 22:09 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-07-17 22:09 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-07-17 22:09 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-07-17 22:09 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-07-17 22:09 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-07-17 22:09 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-07-17 22:09 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2015-07-17 22:09 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-07-17 22:09 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-07-17 22:09 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2015-07-17 22:09 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2015-07-17 22:09 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll2015-07-10 09:39 - 2015-08-06 16:58 - 00000000 ___HD C:\$Windows.~BT ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-08 21:43 - 2014-11-09 03:47 - 02093557 _____ C:\Windows\WindowsUpdate.log2015-08-08 21:21 - 2015-03-25 13:53 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2597420283-1509548883-3541148938-10012015-08-08 21:17 - 2015-04-26 06:05 - 00000000 ____D C:\ProgramData\Oracle2015-08-08 21:16 - 2015-04-26 06:05 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-08-08 21:16 - 2015-04-26 06:05 - 00000000 ____D C:\Program Files (x86)\Java2015-08-08 21:10 - 2015-04-26 05:54 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA.job2015-08-08 21:10 - 2015-04-26 05:54 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core.job2015-08-08 21:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru2015-08-08 20:40 - 2015-03-25 13:48 - 00000094 _____ C:\Users\Amirtha\AppData\Roaming\sp_data.sys2015-08-08 16:06 - 2015-05-12 14:43 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update12015-08-08 16:06 - 2015-05-12 14:43 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update22015-08-08 16:05 - 2015-03-25 13:57 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3E08DA1-F49A-4D07-B353-BBAC72CE1DE1}2015-08-07 05:05 - 2014-03-18 06:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI2015-08-07 00:22 - 2015-03-25 14:11 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\ASUS WebStorage2015-08-07 00:16 - 2015-03-25 14:16 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-08-07 00:16 - 2014-03-18 05:54 - 00079044 _____ C:\Windows\PFRO.log2015-08-07 00:16 - 2013-08-22 10:46 - 00034792 _____ C:\Windows\setupact.log2015-08-07 00:16 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-08-07 00:16 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM2015-08-07 00:15 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI2015-08-07 00:14 - 2015-06-21 10:43 - 00000000 ____D C:\Users\Amirtha\Desktop\TipsAndTechniques2015-08-07 00:14 - 2014-11-09 03:51 - 14542884 _____ C:\Users\Public\CAFADEBUG.log2015-08-06 17:00 - 2014-09-24 07:55 - 00000000 ____D C:\Windows\Panther2015-08-06 16:35 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness2015-08-05 22:16 - 2015-03-25 13:48 - 00000000 ____D C:\Users\Amirtha\AppData\Local\Packages2015-08-04 22:57 - 2015-04-18 21:19 - 00000000 ____D C:\Users\Amirtha\Documents\checkouts2015-08-03 14:35 - 2014-03-18 05:45 - 00000000 ____D C:\Windows\ShellNew2015-08-01 17:06 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP2015-08-01 17:05 - 2015-07-08 14:01 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\Foxit Software2015-08-01 17:03 - 2015-06-27 18:37 - 00000000 ____D C:\Users\Amirtha\Documents\step 32015-08-01 16:46 - 2015-06-21 10:31 - 00000000 ____D C:\Users\Amirtha\Documents\board review2015-08-01 16:46 - 2015-03-29 16:28 - 00000000 ____D C:\Users\Amirtha\Documents\Tax2015-08-01 16:20 - 2015-04-25 10:34 - 00000000 ____D C:\Users\Amirtha\AppData\Local\CrashDumps2015-07-29 19:04 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp2015-07-29 08:30 - 2015-03-25 15:34 - 01479168 ___SH C:\Users\Amirtha\Downloads\Thumbs.db2015-07-28 17:26 - 2015-06-30 18:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602015-07-28 17:26 - 2015-04-26 16:16 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration2015-07-28 17:26 - 2015-04-26 16:16 - 00002259 _____ C:\Users\Public\Desktop\Norton 360.LNK2015-07-28 17:26 - 2015-04-26 16:16 - 00000000 ____D C:\Windows\system32\Drivers\N360x642015-07-28 13:54 - 2015-04-17 16:32 - 00361984 ___SH C:\Users\Amirtha\Desktop\Thumbs.db2015-07-26 16:34 - 2015-04-17 16:57 - 00242176 ___SH C:\Users\Amirtha\Documents\Thumbs.db2015-07-26 14:00 - 2015-04-26 16:16 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS2015-07-26 14:00 - 2015-04-26 16:16 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT2015-07-25 21:06 - 2015-04-04 23:14 - 00000000 ___SD C:\Windows\system32\GWX2015-07-25 18:12 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache2015-07-23 19:12 - 2015-03-25 15:20 - 00000000 ____D C:\Program Files\Microsoft Office 152015-07-23 19:11 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData2015-07-23 19:11 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore2015-07-23 19:11 - 2013-08-22 10:44 - 00481880 _____ C:\Windows\system32\FNTCACHE.DAT2015-07-22 18:05 - 2015-04-17 16:56 - 00000000 ____D C:\Users\Amirtha\Documents\ID2015-07-21 00:26 - 2015-04-26 15:46 - 00000000 ____D C:\ProgramData\Norton2015-07-20 12:54 - 2015-04-03 14:35 - 00000000 ____D C:\Windows\system32\appraiser2015-07-20 12:54 - 2015-03-25 15:43 - 00000000 ___SD C:\Windows\system32\CompatTel2015-07-20 12:54 - 2015-03-25 14:45 - 00000000 ____D C:\Windows\system32\MRT2015-07-20 12:51 - 2015-04-04 23:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX2015-07-15 21:05 - 2015-04-26 05:54 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA2015-07-15 21:05 - 2015-04-26 05:54 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core2015-07-15 20:28 - 2015-03-25 14:16 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-07-15 20:28 - 2015-03-25 14:16 - 00003662 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-07-15 20:28 - 2015-03-25 14:16 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-07-13 17:10 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-07-13 17:10 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-07-09 17:08 - 2015-03-25 14:50 - 00000000 ____D C:\Users\Amirtha\AppData\Roaming\iSkysoft ==================== Files in the root of some directories ======= 2015-03-25 14:20 - 2015-03-25 14:20 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe2015-03-25 13:48 - 2015-08-08 20:40 - 0000094 _____ () C:\Users\Amirtha\AppData\Roaming\sp_data.sys Some files in TEMP:====================C:\Users\Amirtha\AppData\Local\Temp\jre-8u51-windows-au.exeC:\Users\Amirtha\AppData\Local\Temp\ytb.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-06 14:09 Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015Ran by Amirtha (2015-08-08 21:47:51)Running from C:\Users\Amirtha\DownloadsBoot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2597420283-1509548883-3541148938-500 - Administrator - Disabled)Amirtha (S-1-5-21-2597420283-1509548883-3541148938-1001 - Administrator - Enabled) => C:\Users\AmirthaGuest (S-1-5-21-2597420283-1509548883-3541148938-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2597420283-1509548883-3541148938-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS GIFTBOX Desktop (HKLM-x32\...\{9110969C-A4E5-4112-93A3-A8686BF7444C}) (Version: 1.0.2 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.3 - ASUS)ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.35.56 - Conexant)CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.1 - Genesys Logic)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) HiddenIntel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3910 - Intel Corporation)Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)Intel® Wireless Bluetooth®(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)iSkysoft PDF Editor(Build 4.0.1) (HKLM-x32\...\{4D91F5A1-EBFB-4735-8D51-BA8EA10407C4}_is1) (Version: 4.0.1.1 - iSkysoft Studio)iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.31481 - Juniper Networks)Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)NVIDIA Graphics Driver 333.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.02 - NVIDIA Corporation)NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) HiddenRealtek USB Fast Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D2B61BE0-B18B-4091-81B4-F234F4C30DFD}) (Version: 8.13.106.2014 - Realtek)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenWebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.0.496 - ASUS Cloud Corporation)WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)Windows Driver Package - ASUS (ATP) Mouse (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 28-07-2015 17:41:53 Windows Update01-08-2015 17:02:57 Removed VMware Horizon Client07-08-2015 00:23:46 Restore Point Created by FRST ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2015-05-02 23:50 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07E11E61-B05F-454C-98DA-09F353281631} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)Task: {09BC29DF-3257-4F75-B54D-24ABE7859584} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)Task: {21AAB683-0FA7-4896-BAA2-36E85A5483AB} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()Task: {31112FCF-FFBE-4A8F-A19A-AD9C84E24475} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-25] ()Task: {34ABDD7D-5EC9-4285-A962-66E3671FBF55} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)Task: {3E04A210-84AD-4718-82A9-C0CB664472BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)Task: {3ECF03B9-E70C-4D8A-B9E1-F93D12CAD6CF} - \ProPCCleaner_Popup No Task File <==== ATTENTIONTask: {46E5B7CD-AB5B-4192-919B-D3AFC8EA45A8} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.)Task: {5DB393D4-0F04-4416-B263-773662D80B6C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)Task: {6736C0F6-BBA7-4474-8CDF-FA622CE215DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)Task: {6E97DBA5-4FF1-42EB-9B2F-08266CC86E30} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)Task: {6F8F2FEC-9FC0-4834-8883-8667951CEA8C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)Task: {71C881CE-67CA-4CCB-9627-CDA96E2913B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-26] (Google Inc.)Task: {74CE611A-A815-4475-A325-2A29DB0852BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)Task: {76E7EC96-7DC0-4F54-8A15-02AA01C8BD61} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)Task: {9775BBEA-AFFA-4621-B6A8-DE4A622CBF12} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)Task: {9910D1D8-E3DC-4239-A2BA-771CC3C668ED} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)Task: {9CD71F32-EA36-497B-BFD4-510B0E828424} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)Task: {A1BE3552-7024-49C4-BFE9-9C267A31531E} - \ProPCCleaner_Start No Task File <==== ATTENTIONTask: {C79123E0-3B58-4E59-9E17-34AE707C1111} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)Task: {CF2A6C4E-4C27-424E-887F-37268A66495F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)Task: {E15EE38F-49FD-4B96-80DE-D879B8988540} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AmrLaptop-Amirtha AmrLaptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)Task: {E844DF20-238B-43E1-90D2-3EC9E326114F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)Task: {EB766905-223B-4F27-8179-84E2889E2217} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)Task: {FC11FC05-24E3-41AD-B4A9-F74AD815560E} - System32\Tasks\ASUS GIFTBOX Desktop => C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [2014-08-07] (ASUS)Task: {FC59D6FC-FD25-4A59-A220-FD0B15C7665C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001Core.job => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2597420283-1509548883-3541148938-1001UA.job => C:\Users\Amirtha\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-11-09 03:48 - 2014-04-08 17:06 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2015-03-25 14:48 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-03-25 15:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-12-04 12:44 - 2013-12-04 12:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe2013-12-04 12:44 - 2013-12-04 12:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll2013-12-04 12:44 - 2013-12-04 12:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll2015-03-25 15:21 - 2015-03-25 15:21 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-11-09 03:54 - 2014-02-25 23:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe2015-02-12 23:56 - 2015-02-12 23:56 - 01374504 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSService.exe2015-08-07 15:16 - 2015-08-07 15:16 - 00852684 _____ () C:\Users\Amirtha\Downloads\securitycheck.exe2015-03-25 15:20 - 2015-03-25 15:21 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll2014-04-02 18:46 - 2014-04-02 18:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll2014-11-09 03:47 - 2013-12-09 19:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll2015-08-05 22:34 - 2015-07-31 02:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll2015-08-05 22:34 - 2015-07-31 02:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Amirtha\Pictures\IMG_20150120_074117296.jpgDNS Servers: 192.168.1.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "BTMTrayAgent"HKLM\...\StartupApproved\Run: => "NvBackend"HKLM\...\StartupApproved\Run: => "SmartAudio"HKLM\...\StartupApproved\Run: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "ApnTBMon"HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"HKU\S-1-5-21-2597420283-1509548883-3541148938-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_600696EEBA989FB199FFA71303940F4C" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{564A4039-5CE5-402F-8AD0-C0C53DDC38B7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{d05fc355-7378-4131-b023-8aa91373d69c}] => (Allow) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exeFirewallRules: [{4626103B-7061-43AC-AB38-DB80B71C057C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{CD8D5654-3D5F-454D-AE7F-4DCBF6A23CAE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{3BDE4E91-8E8E-4B1F-A277-53B26B7E155E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exeFirewallRules: [{8F79737D-65EE-4383-879C-DF3BEA8A4691}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exeFirewallRules: [{73D1543A-7CAE-4D5B-8337-D555B3F19CDA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{4C32EAE7-54FD-4E48-8160-12203E33E23E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exeFirewallRules: [{F7A50E78-F9AC-4053-A144-5497D535408E}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exeFirewallRules: [{A31D41C2-7737-4D2E-BC78-DCB29AD494E8}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exeFirewallRules: [{C7BA097B-0D59-4BB4-9C83-DDC9898BC8B4}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exeFirewallRules: [{CB2177EF-112F-42C5-86EA-9B849EECC46A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exeFirewallRules: [{343260F8-1AD6-456C-89F6-69E69901FDF9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{9E6151AC-D972-4B15-91C0-EF9911885F01}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exeFirewallRules: [{FCAB22D1-FF1D-408A-9C91-D6B4D3AFC924}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{2835F212-5CDF-44E5-9B1E-042B583F2C40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{5E4DFB9D-D633-47D0-B92F-F7CA9CC89F94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{6D91F745-31C8-4A64-B4F2-FAEC7F973F3E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{02CFB4C8-05D7-4446-A091-759E9464A8BD}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{2033691C-1471-49BE-96F2-758B1941E1EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/08/2015 07:23:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/08/2015 04:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9114110 Error: (08/08/2015 04:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9114110 Error: (08/08/2015 04:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/07/2015 01:45:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/07/2015 12:36:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/07/2015 12:23:46 AM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9966fa96-0eef-4d97-824b-a2147b9dfe4c} Error: (08/07/2015 12:15:18 AM) (Source: ISCTAgent) (EventID: 1000) (User: )Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n Error: (08/07/2015 12:15:18 AM) (Source: ISCTAgent) (EventID: 1000) (User: )Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n Error: (08/04/2015 08:12:29 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bbFaulting module name: MSHTML.dll, version: 11.0.9600.17924, time stamp: 0x5595ab25Exception code: 0xc0000005Fault offset: 0x00849bc6Faulting process id: 0xe94Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Faulting package full name: IEXPLORE.EXE4Faulting package-relative application ID: IEXPLORE.EXE5 System errors:=============Error: (08/08/2015 09:43:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home. Error: (08/08/2015 08:53:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home. Error: (08/07/2015 01:17:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home. Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: %%1069 Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Search service failed to start due to the following error: %%1069 Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Search service failed to start due to the following error: %%1069 Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (08/07/2015 12:15:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Juniper Network Connect Service service failed to start due to the following error: %%109 Error: (08/07/2015 12:15:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Microsoft Office:=========================Error: (08/08/2015 07:23:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/08/2015 04:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9114110 Error: (08/08/2015 04:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9114110 Error: (08/08/2015 04:03:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/07/2015 01:45:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/07/2015 12:36:48 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (08/07/2015 12:23:46 AM) (Source: VSS) (EventID: 8194) (User: )Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9966fa96-0eef-4d97-824b-a2147b9dfe4c} Error: (08/07/2015 12:15:18 AM) (Source: ISCTAgent) (EventID: 1000) (User: )Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n Error: (08/07/2015 12:15:18 AM) (Source: ISCTAgent) (EventID: 1000) (User: )Description: ISCT - netDetect::AOACWLANProset::LocateAdapters Net Detect: Net Detect Supported Error Getting Adapter List Error=0x80040302\n Error: (08/04/2015 08:12:29 PM) (Source: Application Error) (EventID: 1000) (User: )Description: IEXPLORE.EXE11.0.9600.17840555fe1bbMSHTML.dll11.0.9600.179245595ab25c000000500849bc6e9401d0ceea5f074e5aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MSHTML.dlla831143e-3b06-11e5-8270-28b2bde0826e ==================== Memory info =========================== Processor: Intel® Core i7-4510U CPU @ 2.00GHzPercentage of memory in use: 48%Total physical RAM: 12176.91 MBAvailable physical RAM: 6303.26 MBTotal Virtual: 14096.91 MBAvailable Virtual: 6551.19 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:13.78 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (Data) (Fixed) (Total:130.86 GB) (Free:130.75 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 238.5 GB) (Disk ID: E63C06DC) Partition: GPT Partition Type. Link to post Share on other sites More sharing options...
amirtha Posted August 9, 2015 Author ID:982215 Share Posted August 9, 2015 I repeated my anti-virus scan and it removed several things.And now the hyperlinks are gone too. Maybe it is better.Amirtha Link to post Share on other sites More sharing options...
MrCharlie Posted August 9, 2015 ID:982273 Share Posted August 9, 2015 Please carry out these task:Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.Run FRST.exe/FRST64.exe and click Fix only once and waitThe tool will create a log (Fixlog.txt) in the folder, please post it to your reply.=========================== Next:1. Download and run this tool (Software removal tool), immediately it will start searching for suspicious programs on your computer and then shows a message how many programs it found.https://www.google.com/chrome/srt/2. Click ‘Remove suspicious programs ‘and wait for the tool to show ‘removal complete’ message.3. Click ‘Continue’ to quit the tool (you may be prompted to restart your computer, do so)4. After that, Chrome will automatically open and asks to reset browser settings, just close it out...no need to reset.=============================Update and run a scan with Malwarebytes.MrCfixlist.txt Link to post Share on other sites More sharing options...
amirtha Posted August 10, 2015 Author ID:982492 Share Posted August 10, 2015 I don't seem to be getting the hijacking now, but still occasionally see the random word hyperlinks, although they are blocked if I try to click on them.The chrome scan didn't show anything.No threats on malwarebytes scan. first log scan showed:Fix result of Farbar Recovery Scan Tool (x64) Version:09-08-2015Ran by Amirtha (2015-08-10 10:26:20) Run:2Running from C:\Users\Amirtha\DownloadsLoaded Profiles: Amirtha (Available Profiles: Amirtha)Boot Mode: Normal============================================== fixlist content:*****************CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.goo...ice/update2/crxC:\Users\Amirtha\AppData\Local\Temp\jre-8u51-windows-au.exeC:\Users\Amirtha\AppData\Local\Temp\ytb.exeTask: {A1BE3552-7024-49C4-BFE9-9C267A31531E} - \ProPCCleaner_Start No Task File <==== ATTENTIONTask: {3ECF03B9-E70C-4D8A-B9E1-F93D12CAD6CF} - \ProPCCleaner_Popup No Task File <==== ATTENTIONCustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Amirtha\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File ***************** "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol" => key removed successfullyC:\Users\Amirtha\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully.C:\Users\Amirtha\AppData\Local\Temp\ytb.exe => moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1BE3552-7024-49C4-BFE9-9C267A31531E}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1BE3552-7024-49C4-BFE9-9C267A31531E}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3ECF03B9-E70C-4D8A-B9E1-F93D12CAD6CF}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ECF03B9-E70C-4D8A-B9E1-F93D12CAD6CF}" => key removed successfully"HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully"HKU\S-1-5-21-2597420283-1509548883-3541148938-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully ==== End of Fixlog 10:26:23 ==== Link to post Share on other sites More sharing options...
MrCharlie Posted August 10, 2015 ID:982495 Share Posted August 10, 2015 For now...please look through this: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=3293454 MrC Link to post Share on other sites More sharing options...
MrCharlie Posted August 12, 2015 ID:982939 Share Posted August 12, 2015 How are we doing??? MrC Link to post Share on other sites More sharing options...
amirtha Posted August 12, 2015 Author ID:982999 Share Posted August 12, 2015 I may have spoke too soon. It has started again, both the hijacking and also the hyperlinks. I'm looking at the link you sent before to see if there is something else I need to do.Thanks for checking back. Link to post Share on other sites More sharing options...
MrCharlie Posted August 13, 2015 ID:983008 Share Posted August 13, 2015 OK...let me know MrC Link to post Share on other sites More sharing options...
amirtha Posted August 16, 2015 Author ID:983550 Share Posted August 16, 2015 I've tried to op-out of as many of these sites as I could. I am still having the hijacking, it happens a lot when I right click to open a link in a new tab Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2015 ID:983594 Share Posted August 16, 2015 The link I gave you refers to the underlined hyperlinks, not the hijacking. Please re-scan with FRST and Make sure the Addition Box is checked. http://www.fixitpc.pl/picasso/images/malware/tools/frst/frst_win05.png Post or attach the 2 logs FRST.txt and Addition.txt MrC Link to post Share on other sites More sharing options...
amirtha Posted August 16, 2015 Author ID:983617 Share Posted August 16, 2015 I have ran scans several more times, and I always find one or two adware that are removed.I tried to opt-out of as many in text ads as I could.My startup is now getting quite slow.FRST.txtAddition.txt Link to post Share on other sites More sharing options...
Recommended Posts