Pops with ad-type.google.com and redirecting tradeadexchange.com


Hi, I am facing this issue where, if I click on any webpage, it leads to a new popup which starts with ad-type.google.com and then redirects to tradeadexchange.com or goo.gl or other websites, which change from time to time. I have tried several anti-malware programs available on the Cnet.com downloads (it is a very persistent infection): Malwarebytes, Spybot, etc. AdwCleaner found some folders related to babylon, bitguard, opencandy and HPadddata, which were deleted by AdwCleaner. I have also removed all extra software, only very basic software remains; also removed any add-ons, reset browsers, and tried to search in safe mode with networking as well. The scans are clean but the redirect pops remain.

Farbar scans are attached and additional.txt reports are attached. Can you please advise how to handle this?

Regards

Sameer

----------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by SAMEER (ATTENTION: The logged in user is not administrator) on KBC-PC (18-08-2015 10:21:12)
Running from C:\Downloads\Farbar
Loaded Profiles: SAMEER (Available Profiles: KBC & SAMEER)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> ASCService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SLsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> agrsmsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> CLCapSvc.exe
Failed to access process -> FreeAgentService.exe
Failed to access process -> McSACore.exe
Failed to access process -> mfemms.exe
Failed to access process -> mfevtps.exe
Failed to access process -> svchost.exe
Failed to access process -> mfevtps.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> RichVideo.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Failed to access process -> mfefire.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> CLSched.exe
Failed to access process -> McAPExe.exe
Failed to access process -> rundll32.exe
Failed to access process -> mfefire.exe
Failed to access process -> McSvHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [155648 2006-09-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer\Run: [] =>
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-595894999-490155728-2440704941-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-18] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [] => [X]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-595894999-490155728-2440704941-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-595894999-490155728-2440704941-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 113.193.1.60 113.193.0.148
Tcpip\..\Interfaces\{7A8B311E-52BC-474D-92E3-3E6266593E19}: [DhcpNameServer] 113.193.1.60 113.193.0.148

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-14] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-05]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-05]

Chrome:
=======
CHR Profile: C:\Users\SAMEER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\SAMEER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SAMEER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SAMEER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\SAMEER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-03-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 CLCapSvc; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe [274529 2007-01-06] () [File not signed]
R2 CLSched; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe [118879 2007-01-06] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-07-07] (Macrovision Europe Ltd.) [File not signed]
R2 FreeAgentGoNext Service; D:\Program Files\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-08-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2007-01-05] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 0044371439871909mcinstcleanup; C:\Windows\TEMP\004437~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [9728 2006-11-23] (Lenovo Corporation)
R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2007-09-11] (Aladdin Knowledge Systems, Ltd.)
S3 CapFilt; C:\Windows\system32\Drivers\CapFilt.sys [18944 2007-09-21] (ensurebit) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
R1 DritekPortIO; C:\Program Files\EzButton\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
R3 eTSCFLT; C:\Windows\System32\DRIVERS\eTSCFLT.sys [12456 2007-09-11] (Aladdin Knowledge Systems, Ltd.)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-09-06] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [67584 2012-09-06] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-09-06] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
R3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [159104 2007-09-21] (Trident Multimedia Technologies Co.,Ltd)
S3 UDA; C:\Windows\System32\Drivers\rcudawdm.sys [25760 2012-04-17] (Rainbow China Co,. Ltd.)
S3 wdf_usb_vista; C:\Windows\System32\DRIVERS\usb2ser_vista.sys [38912 2012-10-11] (MediaTek Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EraserUtilDrv11110; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U2 wuaserv; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 17:16 - 2015-08-17 17:17 - 00000583 _____ C:\AdwCleaner[s11].txt
2015-08-17 15:40 - 2015-08-17 15:40 - 00000000 ____D C:\ProgramData\ProductData
2015-08-17 14:31 - 2015-07-22 02:25 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-17 14:31 - 2015-07-21 21:37 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-17 14:31 - 2015-07-21 21:37 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-17 14:31 - 2015-07-21 21:37 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-17 14:31 - 2015-07-21 21:37 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-17 14:31 - 2015-07-21 21:33 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-17 14:31 - 2015-07-21 21:33 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-17 14:31 - 2015-07-21 21:33 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-17 14:30 - 2015-08-01 00:57 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 14:29 - 2015-07-09 19:50 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-17 14:28 - 2015-07-11 01:07 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-17 14:27 - 2015-07-11 21:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-17 14:24 - 2015-07-18 21:33 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-17 14:23 - 2015-08-01 03:38 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-17 14:23 - 2015-08-01 02:11 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-17 14:23 - 2015-08-01 02:10 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-17 14:23 - 2015-08-01 02:05 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-17 14:23 - 2015-08-01 02:03 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-17 14:23 - 2015-08-01 02:03 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-17 14:23 - 2015-08-01 02:03 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-17 14:23 - 2015-08-01 02:03 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-17 14:23 - 2015-07-11 01:07 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-17 14:23 - 2015-07-11 01:07 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-17 13:01 - 2015-08-17 13:01 - 00122311 _____ C:\Users\KBC\Desktop\JRT.txt
2015-08-17 12:15 - 2015-08-17 12:15 - 00001654 _____ C:\Windows\PFRO.log
2015-08-17 10:56 - 2015-08-18 10:21 - 00000000 ____D C:\FRST
2015-08-17 10:53 - 2015-08-17 10:54 - 01676800 _____ (Farbar) C:\Users\SAMEER\Downloads\FRST (1).exe
2015-08-17 10:19 - 2015-08-17 10:22 - 00000584 _____ C:\AdwCleaner[s10].txt
2015-08-16 16:48 - 2015-08-16 16:50 - 00000582 _____ C:\AdwCleaner[s9].txt
2015-08-16 16:36 - 2015-08-16 16:36 - 00000000 ____D C:\Users\SAMEER\AppData\Local\HP
2015-08-16 16:29 - 2015-08-16 16:29 - 00000903 _____ C:\Users\SAMEER\Desktop\Internet Explorer.lnk
2015-08-16 15:46 - 2015-07-01 21:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-16 15:45 - 2015-07-09 19:55 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-16 15:45 - 2015-07-09 19:55 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-16 13:43 - 2015-08-16 13:43 - 00000626 _____ C:\Users\KBC\Desktop\Tcpview.exe.lnk
2015-08-16 11:23 - 2015-08-16 11:23 - 00000981 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-08-16 11:22 - 2015-08-16 11:46 - 00001922 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-08-16 11:22 - 2015-08-16 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-08-16 11:10 - 2015-08-16 11:10 - 00000778 _____ C:\AdwCleaner[C6].txt
2015-08-16 11:06 - 2015-08-16 11:07 - 00000675 _____ C:\AdwCleaner[s8].txt
2015-08-15 22:52 - 2015-08-15 22:52 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-15 22:52 - 2015-08-15 22:52 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-15 22:52 - 2015-08-15 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-15 22:51 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-15 22:51 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-15 22:51 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-15 22:13 - 2015-08-17 17:19 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-15 22:13 - 2015-08-15 22:49 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-15 20:16 - 2015-08-15 22:52 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-14 16:54 - 2015-08-14 16:54 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-14 16:54 - 2015-08-14 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 16:52 - 2015-08-18 09:59 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-14 16:52 - 2015-08-18 09:48 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-14 16:39 - 2015-08-14 16:39 - 00000293 _____ C:\Users\SAMEER\Desktop\Local Disk (C) - Shortcut.lnk
2015-08-14 14:19 - 2015-08-14 15:51 - 00000000 ____D C:\Users\SAMEER\AppData\Local\AdFender
2015-08-14 14:07 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\is-K9FIV.tmp
2015-08-14 12:43 - 2015-07-23 02:24 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-14 12:43 - 2015-07-23 02:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-14 12:43 - 2015-07-23 02:21 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-14 12:43 - 2015-07-23 02:17 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-14 12:43 - 2015-07-23 02:16 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-14 12:43 - 2015-07-23 02:16 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-14 12:43 - 2015-07-23 02:15 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-14 12:43 - 2015-07-23 02:15 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-14 12:43 - 2015-07-23 02:15 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-14 12:43 - 2015-07-23 02:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-14 12:43 - 2015-07-23 02:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-14 12:43 - 2015-07-23 02:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-14 12:43 - 2015-07-23 02:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 15:53 - 2015-08-13 15:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-12 12:39 - 2015-08-15 11:38 - 00000000 ____D C:\AdwCleaner
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2015-08-01 19:05 - 2015-08-01 20:01 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\Skype
2015-08-01 19:05 - 2015-08-01 19:05 - 00000000 ____D C:\Users\SAMEER\AppData\Local\Skype
2015-08-01 13:38 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\ProductData
2015-08-01 13:38 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ProductData
2015-08-01 09:52 - 2015-07-03 21:34 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-31 16:24 - 2015-07-31 16:24 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\ProductData
2015-07-31 16:23 - 2015-08-18 09:49 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.dat
2015-07-31 16:23 - 2015-08-18 09:49 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.001
2015-07-31 15:34 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-07-31 15:29 - 2015-08-12 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-31 14:12 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2015-07-31 14:12 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2015-07-30 22:25 - 2015-08-18 09:58 - 01010393 _____ C:\Windows\WindowsUpdate.log
2015-07-29 16:58 - 2015-06-17 22:20 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-29 16:58 - 2015-06-17 20:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-29 16:57 - 2015-06-12 21:31 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-29 16:44 - 2015-04-24 21:24 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-29 16:39 - 2015-03-05 08:02 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-29 16:39 - 2015-03-05 07:53 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-29 16:00 - 2015-05-31 13:41 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-29 16:00 - 2015-04-11 04:52 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-29 15:58 - 2015-06-27 21:33 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-29 15:58 - 2015-06-27 21:32 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-29 15:58 - 2015-06-27 21:32 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-29 15:58 - 2015-06-27 21:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-29 15:58 - 2015-06-27 19:51 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-29 15:58 - 2015-06-27 19:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-29 15:58 - 2015-06-12 18:43 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-29 15:58 - 2015-04-30 21:33 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-29 15:58 - 2015-01-09 05:47 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-29 15:57 - 2015-05-09 04:38 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-29 15:55 - 2015-05-05 04:21 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-29 15:55 - 2015-05-05 04:20 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-29 15:55 - 2015-05-05 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-29 15:55 - 2015-05-05 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-29 15:55 - 2015-05-05 02:51 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-26 15:07 - 2015-08-14 16:40 - 00000000 ____D C:\Users\SAMEER\AppData\Local\Google
2015-07-26 15:06 - 2015-07-31 16:55 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\IObit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 10:19 - 2007-09-21 09:43 - 15966515 _____ C:\FaceProv.log
2015-08-18 09:48 - 2006-11-02 18:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 09:48 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 09:48 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 09:47 - 2008-01-28 14:40 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-08-18 09:47 - 2006-11-02 18:28 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-17 17:10 - 2011-02-28 09:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-17 17:08 - 2013-07-31 15:16 - 00000000 ____D C:\Windows\system32\MRT
2015-08-17 17:02 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-17 17:01 - 2006-11-02 15:54 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-17 16:53 - 2006-11-02 15:53 - 00000254 _____ C:\Windows\win.ini
2015-08-17 15:38 - 2006-11-02 18:14 - 00399736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-17 15:34 - 2006-11-02 18:05 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-17 12:16 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.001
2015-08-17 10:51 - 2011-12-30 16:35 - 00000000 ____D C:\fakepath
2015-08-17 10:24 - 2015-03-31 20:13 - 00000000 ____D C:\ProgramData\IObit
2015-08-17 10:17 - 2012-10-05 22:32 - 00000000 ____D C:\Temp delete after use
2015-08-16 16:36 - 2008-03-03 10:34 - 00000000 ____D C:\Users\SAMEER\AppData\Local\VirtualStore
2015-08-16 13:44 - 2010-02-16 13:51 - 00000000 ____D C:\Users\KBC\AppData\Local\CrashDumps
2015-08-16 11:51 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.dat
2015-08-16 11:31 - 2008-03-03 10:34 - 00000000 ____D C:\Users\SAMEER
2015-08-16 11:19 - 2015-03-31 20:00 - 00000000 ____D C:\Program Files\IObit
2015-08-16 07:40 - 2014-03-05 13:19 - 00000000 ____D C:\Program Files\McAfee
2015-08-15 11:47 - 2015-02-22 19:50 - 00000000 ____D C:\Users\KBC\AppData\Local\Google
2015-08-14 16:53 - 2015-02-22 19:51 - 00000000 ____D C:\Program Files\Google
2015-08-14 16:30 - 2009-06-24 14:18 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 16:27 - 2014-03-10 19:37 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-14 16:22 - 2008-01-29 17:37 - 00000909 _____ C:\Users\KBC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 16:07 - 2009-11-09 11:28 - 00766602 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 14:51 - 2008-02-13 17:32 - 00000000 ____D C:\Program Files\Acro Software
2015-08-14 14:50 - 2008-02-13 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-08-01 11:05 - 2007-09-21 09:45 - 00026822 _____ C:\HeadVideo.log
2015-07-31 22:51 - 2014-09-12 15:04 - 00000000 ____D C:\Program Files\DC-Unlocker
2015-07-31 20:56 - 2006-11-02 16:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-31 17:22 - 2011-10-28 11:17 - 00000000 ____D C:\Program Files\Camtech
2015-07-31 16:56 - 2012-05-24 19:29 - 00000000 ____D C:\Users\KBC\AppData\Roaming\Philipp Winterberg
2015-07-30 21:59 - 2011-02-27 12:34 - 00000000 ____D C:\Windows\pss
2015-07-30 21:56 - 2011-02-27 10:00 - 00000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 21:56 - 2011-02-27 10:00 - 00000000 ____D C:\Program Files\CCleaner
2015-07-30 21:46 - 2011-02-25 17:06 - 00000000 ____D C:\Program Files\Adobe
2015-07-30 21:46 - 2008-01-25 17:00 - 00000000 ____D C:\ProgramData\Adobe
2015-07-30 21:46 - 2008-01-25 17:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-30 21:45 - 2011-06-04 11:33 - 00000000 ____D C:\Program Files\EASEUS
2015-07-30 19:51 - 2008-02-19 16:00 - 00060928 _____ C:\Users\KBC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-30 17:06 - 2011-02-27 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-30 11:47 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\rescache
2015-07-26 15:36 - 2014-09-12 17:53 - 00000000 ____D C:\Program Files\Common Files\XCPCSync.OEM
2015-07-26 15:36 - 2011-07-05 12:22 - 00000000 ____D C:\Users\KBC\AppData\Local\Research In Motion
2015-07-26 15:36 - 2010-11-14 12:27 - 00004819 _____ C:\Users\KBC\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-07-26 15:36 - 2010-07-09 14:33 - 00000000 ____D C:\Program Files\Common Files\Research In Motion
2015-07-26 15:07 - 2008-03-03 10:36 - 00106864 _____ C:\Users\SAMEER\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2015-07-31 16:23 - 2015-08-18 09:49 - 0013072 _____ () C:\Users\SAMEER\AppData\Roaming\nvModes.001
2015-07-31 16:23 - 2015-08-18 09:49 - 0013072 _____ () C:\Users\SAMEER\AppData\Roaming\nvModes.dat
2014-02-20 16:13 - 2014-02-20 16:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-25 15:30 - 2013-03-25 15:30 - 0002001 _____ () C:\ProgramData\eTdsWizard1314_A8D59B57-C4D3-4DEE-88D4-9466F7421A5F.swidtag
2009-06-24 14:28 - 2009-06-24 14:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-02-12 14:45 - 2014-04-12 14:40 - 0043280 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\KBC\AppData\Local\Temp\ASCSetup_478330.exe
C:\Users\KBC\AppData\Local\Temp\ASCSetup_6832921.exe
C:\Users\KBC\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Kan geen toegang krijgen tot BCD. Gebruiker is geen beheerder.

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by SAMEER (2015-08-18 10:22:19)
Running from C:\Downloads\Farbar
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-595894999-490155728-2440704941-500 - Administrator - Disabled)
Guest (S-1-5-21-595894999-490155728-2440704941-501 - Limited - Enabled)
KBC (S-1-5-21-595894999-490155728-2440704941-1001 - Administrator - Enabled) => C:\Users\KBC
SAMEER (S-1-5-21-595894999-490155728-2440704941-1002 - Limited - Enabled) => C:\Users\SAMEER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Out of date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EASEUS Partition Master 6.5.2 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
Easy Button (HKLM\...\EzButton) (Version:  - )
EasyCapture2.5 (HKLM\...\EasyCapture2.5) (Version:  - )
EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - )
eToken PKI Client 4.55 (HKLM\...\{2146B7E6-FC1C-4230-9952-E9CA2260AA08}) (Version: 4.55.22 - Aladdin Knowledge Systems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HP Deskjet 3540 series Basic Device Software (HKLM\...\{29E641BB-2183-4653-B589-18B10E5D9635}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
HP Deskjet 3540 series Help (HKLM\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Internet Telephone (Version: 4.60 - Callserve Communications Ltd) Hidden
Internet Telephone 4.60 (HKLM\...\{B24E6473-5600-42D0-BD57-8E4B85ACD0BD}) (Version:  - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.3400 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3400 - Lenovo.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.264 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerCineama MagicDirector Module (HKLM\...\{13E613EF-BB55-11D9-9D77-000129760D75}) (Version:  - )
PowerCinema MakeDisc Module (HKLM\...\{FC4F90EC-B1DA-11D9-9D77-000129760D75}) (Version:  - )
Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{6945C9BA-710C-4776-BB1C-F5F2368AE45E}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5350 - Realtek Semiconductor Corp.)
Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Seagate Manager Installer (Version: 2.01.0700 - Seagate) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShuttleCenter (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Tally.ERP 9 (HKLM\...\{AAF5BFFE-1A0B-4A9E-B726-82AC4DD26B59}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2011.)
VeriFace (HKLM\...\VeriFace) (Version:  - )
Windows Driver Package - Animation Technologies Inc. (TridVid) Media  (01/17/2007 1.287.3.10) (HKLM\...\A06EE73B1C7DE59F5A907866B9F81C6A89C49529) (Version: 01/17/2007 1.287.3.10 - Animation Technologies Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 15:53 - 2006-09-19 03:11 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-595894999-490155728-2440704941-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 113.193.1.60 - 113.193.0.148
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: EnergyCut => C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
MSCONFIG\startupreg: EzButton => C:\PROGRA~1\EzButton\EzButton.EXE
MSCONFIG\startupreg: Web Companion => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{220A476B-2141-449D-97EA-DBDA5CED72C0}] => (Allow) C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
FirewallRules: [{A8C034E5-DF54-44B8-A7A8-58EC1EC3DA18}] => (Allow) C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
FirewallRules: [{63C51BF3-A473-45F9-AA15-805921301115}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{81B5AEA8-4A93-4596-835D-560BE99C65D4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{FB21CEB4-2A28-4E9D-A279-EB54545DD1E6}] => (Allow) LPort=80
FirewallRules: [{2030BD37-94FF-42A5-B91B-518748F4B633}] => (Allow) LPort=80
FirewallRules: [{F968B3A9-1A68-4965-A197-70674883C713}] => (Allow) LPort=80
FirewallRules: [{A2702353-55E3-44ED-88D8-D1A0A8EDDF58}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe
FirewallRules: [{D1F5E28F-7053-4A6F-BC0F-004589AD897F}] => (Allow) LPort=5357
FirewallRules: [{870B7F5E-22FB-40F2-8722-75D88567B902}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0F642D0E-4922-49AD-AEAE-E318A9EDDEC6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{8BD673B0-C91A-4F8F-A4BC-DCF3DE6D332D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{427C8CB5-8362-47AC-942F-A4AFE073965F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4D4956A9-88F3-4D3C-8DCA-70A746A4AF7E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/17/2015 05:08:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/17/2015 05:08:01 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (08/17/2015 03:49:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1248
Start Time: 01d0d8d609462d32
Termination Time: 125

Error: (08/17/2015 02:17:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 10ac
Start Time: 01d0d8c8329774b9
Termination Time: 141

Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown

Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/17/2015 12:14:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/16/2015 04:13:33 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

System errors:
=============
Error: (08/18/2015 09:49:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/18/2015 09:49:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/18/2015 09:48:26 AM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (08/18/2015 09:43:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/18/2015 09:43:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/18/2015 09:42:14 AM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (08/17/2015 05:22:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SysMain

Error: (08/17/2015 05:21:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000TrkWks

Error: (08/17/2015 05:16:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/17/2015 05:14:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Microsoft Office:
=========================
Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/17/2015 05:08:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/17/2015 05:08:01 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (08/17/2015 03:49:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16684124801d0d8d609462d32125

Error: (08/17/2015 02:17:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1668410ac01d0d8c8329774b9141

Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown

Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/17/2015 12:14:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/16/2015 04:13:33 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

CodeIntegrity:
===================================
  Date: 2015-08-18 10:22:09.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:22:09.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:22:08.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:22:08.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:22:07.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:22:07.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:22:06.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:22:06.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:22:05.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\is-K9FIV.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 10:22:04.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\is-K9FIV.tmp because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 49%
Total physical RAM: 2045.75 MB
Available physical RAM: 1036.33 MB
Total Virtual: 4328 MB
Available Virtual: 3330.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.9 GB) (Free:23.95 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:78.24 GB) (Free:72 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================

 

 


Hello Sameer and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
You should have admin rights to proceed working here.

Ran by SAMEER (ATTENTION: The logged in user is not administrator) on KBC-PC (18-08-2015 10:21:12)

Then generate new fresh FRST log files.


Thank you Borislav, appreciate your assistance.

Herewith the updated scans with admin login now.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by KBC (administrator) on KBC-PC (18-08-2015 17:38:00)
Running from C:\Downloads\Farbar
Loaded Profiles: KBC (Available Profiles: KBC & SAMEER)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
() C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
(Seagate Technology LLC) D:\Program Files\Sync\FreeAgentService.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Seagate LLC) D:\Program Files\FreeAgent Status\stxmenumgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [155648 2006-09-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer\Run: [] =>
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\RunOnce: [] => [X]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-595894999-490155728-2440704941-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-595894999-490155728-2440704941-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 113.193.1.60 113.193.0.148
Tcpip\..\Interfaces\{7A8B311E-52BC-474D-92E3-3E6266593E19}: [DhcpNameServer] 113.193.1.60 113.193.0.148

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-14] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-05]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-05]

Chrome:
=======
CHR Profile: C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-15]
CHR Extension: (Google Drive) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-15]
CHR Extension: (Google Search) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-15]
CHR Extension: (Gmail) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-03-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 CLCapSvc; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe [274529 2007-01-06] () [File not signed]
R2 CLSched; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe [118879 2007-01-06] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-07-07] (Macrovision Europe Ltd.) [File not signed]
R2 FreeAgentGoNext Service; D:\Program Files\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-08-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2007-01-05] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [9728 2006-11-23] (Lenovo Corporation)
R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2007-09-11] (Aladdin Knowledge Systems, Ltd.)
S3 CapFilt; C:\Windows\system32\Drivers\CapFilt.sys [18944 2007-09-21] (ensurebit) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
R1 DritekPortIO; C:\Program Files\EzButton\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
R3 eTSCFLT; C:\Windows\System32\DRIVERS\eTSCFLT.sys [12456 2007-09-11] (Aladdin Knowledge Systems, Ltd.)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-09-06] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [67584 2012-09-06] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-09-06] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
R3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [159104 2007-09-21] (Trident Multimedia Technologies Co.,Ltd)
S3 UDA; C:\Windows\System32\Drivers\rcudawdm.sys [25760 2012-04-17] (Rainbow China Co,. Ltd.)
S3 wdf_usb_vista; C:\Windows\System32\DRIVERS\usb2ser_vista.sys [38912 2012-10-11] (MediaTek Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EraserUtilDrv11110; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U2 wuaserv; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 17:16 - 2015-08-17 17:17 - 00000583 _____ C:\AdwCleaner[s11].txt
2015-08-17 15:40 - 2015-08-17 15:40 - 00000000 ____D C:\ProgramData\ProductData
2015-08-17 14:31 - 2015-07-22 02:25 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-17 14:31 - 2015-07-21 21:37 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-17 14:31 - 2015-07-21 21:37 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-17 14:31 - 2015-07-21 21:37 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-17 14:31 - 2015-07-21 21:37 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-17 14:31 - 2015-07-21 21:33 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-17 14:31 - 2015-07-21 21:33 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-17 14:31 - 2015-07-21 21:33 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-17 14:30 - 2015-08-01 00:57 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 14:29 - 2015-07-09 19:50 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-17 14:28 - 2015-07-11 01:07 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-17 14:27 - 2015-07-11 21:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-17 14:24 - 2015-07-18 21:33 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-17 14:23 - 2015-08-01 03:38 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-17 14:23 - 2015-08-01 02:11 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-17 14:23 - 2015-08-01 02:10 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-17 14:23 - 2015-08-01 02:05 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-17 14:23 - 2015-08-01 02:03 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-17 14:23 - 2015-08-01 02:03 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-17 14:23 - 2015-08-01 02:03 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-17 14:23 - 2015-08-01 02:03 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-17 14:23 - 2015-07-11 01:07 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-17 14:23 - 2015-07-11 01:07 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-17 13:01 - 2015-08-17 13:01 - 00122311 _____ C:\Users\KBC\Desktop\JRT.txt
2015-08-17 12:15 - 2015-08-17 12:15 - 00001654 _____ C:\Windows\PFRO.log
2015-08-17 10:56 - 2015-08-18 17:38 - 00000000 ____D C:\FRST
2015-08-17 10:53 - 2015-08-17 10:54 - 01676800 _____ (Farbar) C:\Users\SAMEER\Downloads\FRST (1).exe
2015-08-17 10:19 - 2015-08-17 10:22 - 00000584 _____ C:\AdwCleaner[s10].txt
2015-08-16 16:48 - 2015-08-16 16:50 - 00000582 _____ C:\AdwCleaner[s9].txt
2015-08-16 16:36 - 2015-08-16 16:36 - 00000000 ____D C:\Users\SAMEER\AppData\Local\HP
2015-08-16 16:29 - 2015-08-16 16:29 - 00000903 _____ C:\Users\SAMEER\Desktop\Internet Explorer.lnk
2015-08-16 15:46 - 2015-07-01 21:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-16 15:45 - 2015-07-09 19:55 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-16 15:45 - 2015-07-09 19:55 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-16 13:43 - 2015-08-16 13:43 - 00000626 _____ C:\Users\KBC\Desktop\Tcpview.exe.lnk
2015-08-16 11:23 - 2015-08-16 11:23 - 00000981 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-08-16 11:22 - 2015-08-18 17:27 - 00001922 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-08-16 11:22 - 2015-08-16 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-08-16 11:10 - 2015-08-16 11:10 - 00000778 _____ C:\AdwCleaner[C6].txt
2015-08-16 11:06 - 2015-08-16 11:07 - 00000675 _____ C:\AdwCleaner[s8].txt
2015-08-15 22:52 - 2015-08-15 22:52 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-15 22:52 - 2015-08-15 22:52 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-15 22:52 - 2015-08-15 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-15 22:51 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-15 22:51 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-15 22:51 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-15 22:13 - 2015-08-17 17:19 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-15 22:13 - 2015-08-15 22:49 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-15 20:16 - 2015-08-15 22:52 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-14 16:54 - 2015-08-14 16:54 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-14 16:54 - 2015-08-14 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 16:52 - 2015-08-18 17:36 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-14 16:52 - 2015-08-18 11:15 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-14 16:39 - 2015-08-14 16:39 - 00000293 _____ C:\Users\SAMEER\Desktop\Local Disk (C) - Shortcut.lnk
2015-08-14 14:19 - 2015-08-14 15:51 - 00000000 ____D C:\Users\SAMEER\AppData\Local\AdFender
2015-08-14 14:07 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\is-K9FIV.tmp
2015-08-14 12:43 - 2015-07-23 02:24 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-14 12:43 - 2015-07-23 02:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-14 12:43 - 2015-07-23 02:21 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-14 12:43 - 2015-07-23 02:17 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-14 12:43 - 2015-07-23 02:16 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-14 12:43 - 2015-07-23 02:16 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-14 12:43 - 2015-07-23 02:15 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-14 12:43 - 2015-07-23 02:15 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-14 12:43 - 2015-07-23 02:15 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-14 12:43 - 2015-07-23 02:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-14 12:43 - 2015-07-23 02:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-14 12:43 - 2015-07-23 02:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-14 12:43 - 2015-07-23 02:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 15:53 - 2015-08-13 15:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-12 12:39 - 2015-08-15 11:38 - 00000000 ____D C:\AdwCleaner
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2015-08-01 19:05 - 2015-08-01 20:01 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\Skype
2015-08-01 19:05 - 2015-08-01 19:05 - 00000000 ____D C:\Users\SAMEER\AppData\Local\Skype
2015-08-01 13:38 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\ProductData
2015-08-01 13:38 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ProductData
2015-08-01 09:52 - 2015-07-03 21:34 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-31 16:24 - 2015-07-31 16:24 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\ProductData
2015-07-31 16:23 - 2015-08-18 17:27 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.dat
2015-07-31 16:23 - 2015-08-18 17:27 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.001
2015-07-31 15:34 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-07-31 15:29 - 2015-08-12 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-31 14:12 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2015-07-31 14:12 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2015-07-30 22:25 - 2015-08-18 17:36 - 01026260 _____ C:\Windows\WindowsUpdate.log
2015-07-29 16:58 - 2015-06-17 22:20 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-29 16:58 - 2015-06-17 20:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-29 16:57 - 2015-06-12 21:31 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-29 16:44 - 2015-04-24 21:24 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-29 16:39 - 2015-03-05 08:02 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-29 16:39 - 2015-03-05 07:53 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-29 16:00 - 2015-05-31 13:41 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-29 16:00 - 2015-04-11 04:52 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-29 15:58 - 2015-06-27 21:33 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-29 15:58 - 2015-06-27 21:32 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-29 15:58 - 2015-06-27 21:32 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-29 15:58 - 2015-06-27 21:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-29 15:58 - 2015-06-27 19:51 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-29 15:58 - 2015-06-27 19:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-29 15:58 - 2015-06-12 18:43 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-29 15:58 - 2015-04-30 21:33 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-29 15:58 - 2015-01-09 05:47 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-29 15:57 - 2015-05-09 04:38 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-29 15:55 - 2015-05-05 04:21 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-29 15:55 - 2015-05-05 04:20 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-29 15:55 - 2015-05-05 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-29 15:55 - 2015-05-05 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-29 15:55 - 2015-05-05 02:51 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-26 15:07 - 2015-08-14 16:40 - 00000000 ____D C:\Users\SAMEER\AppData\Local\Google
2015-07-26 15:06 - 2015-07-31 16:55 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\IObit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 17:36 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.001
2015-08-18 17:36 - 2007-09-21 09:43 - 15968896 _____ C:\FaceProv.log
2015-08-18 17:27 - 2014-03-05 13:19 - 00000000 ____D C:\Program Files\McAfee
2015-08-18 17:27 - 2006-11-02 18:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 17:27 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 17:27 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 11:30 - 2008-01-28 14:40 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-08-18 11:30 - 2006-11-02 18:28 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-17 17:10 - 2011-02-28 09:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-17 17:08 - 2013-07-31 15:16 - 00000000 ____D C:\Windows\system32\MRT
2015-08-17 17:02 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-17 17:01 - 2006-11-02 15:54 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-17 16:53 - 2006-11-02 15:53 - 00000254 _____ C:\Windows\win.ini
2015-08-17 15:38 - 2006-11-02 18:14 - 00399736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-17 15:34 - 2006-11-02 18:05 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-17 10:51 - 2011-12-30 16:35 - 00000000 ____D C:\fakepath
2015-08-17 10:24 - 2015-03-31 20:13 - 00000000 ____D C:\ProgramData\IObit
2015-08-17 10:17 - 2012-10-05 22:32 - 00000000 ____D C:\Temp delete after use
2015-08-16 16:36 - 2008-03-03 10:34 - 00000000 ____D C:\Users\SAMEER\AppData\Local\VirtualStore
2015-08-16 13:44 - 2010-02-16 13:51 - 00000000 ____D C:\Users\KBC\AppData\Local\CrashDumps
2015-08-16 11:51 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.dat
2015-08-16 11:31 - 2015-03-31 20:31 - 52871168 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-08-16 11:31 - 2015-03-31 20:31 - 45637632 _____ C:\Windows\system32\config\COMPONENTS.iobit
2015-08-16 11:31 - 2015-03-31 20:31 - 00278528 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-08-16 11:31 - 2015-03-31 20:31 - 00094208 _____ C:\Windows\system32\config\SAM.iobit
2015-08-16 11:31 - 2015-03-31 20:31 - 00028672 _____ C:\Windows\system32\config\SECURITY.iobit
2015-08-16 11:31 - 2008-03-03 10:34 - 00000000 ____D C:\Users\SAMEER
2015-08-16 11:19 - 2015-03-31 20:00 - 00000000 ____D C:\Program Files\IObit
2015-08-15 11:47 - 2015-02-22 19:50 - 00000000 ____D C:\Users\KBC\AppData\Local\Google
2015-08-14 16:53 - 2015-02-22 19:51 - 00000000 ____D C:\Program Files\Google
2015-08-14 16:30 - 2009-06-24 14:18 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 16:27 - 2014-03-10 19:37 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-14 16:22 - 2008-01-29 17:37 - 00000909 _____ C:\Users\KBC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 16:07 - 2009-11-09 11:28 - 00766602 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 14:51 - 2008-02-13 17:32 - 00000000 ____D C:\Program Files\Acro Software
2015-08-14 14:50 - 2008-02-13 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-08-01 11:05 - 2007-09-21 09:45 - 00026822 _____ C:\HeadVideo.log
2015-07-31 22:51 - 2014-09-12 15:04 - 00000000 ____D C:\Program Files\DC-Unlocker
2015-07-31 20:56 - 2006-11-02 16:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-31 17:22 - 2011-10-28 11:17 - 00000000 ____D C:\Program Files\Camtech
2015-07-31 16:56 - 2012-05-24 19:29 - 00000000 ____D C:\Users\KBC\AppData\Roaming\Philipp Winterberg
2015-07-30 21:59 - 2011-02-27 12:34 - 00000000 ____D C:\Windows\pss
2015-07-30 21:56 - 2011-02-27 10:00 - 00000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 21:56 - 2011-02-27 10:00 - 00000000 ____D C:\Program Files\CCleaner
2015-07-30 21:46 - 2011-02-25 17:06 - 00000000 ____D C:\Program Files\Adobe
2015-07-30 21:46 - 2008-01-25 17:00 - 00000000 ____D C:\ProgramData\Adobe
2015-07-30 21:46 - 2008-01-25 17:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-30 21:45 - 2011-06-04 11:33 - 00000000 ____D C:\Program Files\EASEUS
2015-07-30 19:51 - 2008-02-19 16:00 - 00060928 _____ C:\Users\KBC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-30 17:06 - 2011-02-27 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-30 11:47 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\rescache
2015-07-26 15:36 - 2014-09-12 17:53 - 00000000 ____D C:\Program Files\Common Files\XCPCSync.OEM
2015-07-26 15:36 - 2011-07-05 12:22 - 00000000 ____D C:\Users\KBC\AppData\Local\Research In Motion
2015-07-26 15:36 - 2010-11-14 12:27 - 00004819 _____ C:\Users\KBC\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-07-26 15:36 - 2010-07-09 14:33 - 00000000 ____D C:\Program Files\Common Files\Research In Motion
2015-07-26 15:07 - 2008-03-03 10:36 - 00106864 _____ C:\Users\SAMEER\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2008-01-25 11:34 - 2010-12-24 09:37 - 0011760 ____H () C:\Users\KBC\AppData\Roaming\KBC.idx
2008-01-25 10:14 - 2015-08-18 17:36 - 0090657 _____ () C:\Users\KBC\AppData\Roaming\nvModes.001
2008-01-25 10:14 - 2015-08-16 11:51 - 0090657 _____ () C:\Users\KBC\AppData\Roaming\nvModes.dat
2010-11-14 13:02 - 2014-09-27 16:27 - 0005691 _____ () C:\Users\KBC\AppData\Roaming\Rim.Desktop.Exception.log
2010-11-14 12:27 - 2015-07-26 15:36 - 0004819 _____ () C:\Users\KBC\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-07-05 12:22 - 2014-09-27 16:27 - 0001925 _____ () C:\Users\KBC\AppData\Roaming\Rim.DesktopHelper.Exception.log
2008-02-05 14:45 - 2013-12-20 14:23 - 0007484 _____ () C:\Users\KBC\AppData\Local\d3d9caps.dat
2008-02-19 16:00 - 2015-07-30 19:51 - 0060928 _____ () C:\Users\KBC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-20 16:13 - 2014-02-20 16:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-25 15:30 - 2013-03-25 15:30 - 0002001 _____ () C:\ProgramData\eTdsWizard1314_A8D59B57-C4D3-4DEE-88D4-9466F7421A5F.swidtag
2009-06-24 14:28 - 2009-06-24 14:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-02-12 14:45 - 2014-04-12 14:40 - 0043280 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\KBC\AppData\Local\Temp\ASCSetup_478330.exe
C:\Users\KBC\AppData\Local\Temp\ASCSetup_6832921.exe
C:\Users\KBC\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-18 17:36

==================== End of log ============================

Results of Addition Scan

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by KBC (2015-08-18 17:40:22)
Running from C:\Downloads\Farbar
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-595894999-490155728-2440704941-500 - Administrator - Disabled)
Guest (S-1-5-21-595894999-490155728-2440704941-501 - Limited - Enabled)
KBC (S-1-5-21-595894999-490155728-2440704941-1001 - Administrator - Enabled) => C:\Users\KBC
SAMEER (S-1-5-21-595894999-490155728-2440704941-1002 - Limited - Enabled) => C:\Users\SAMEER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Out of date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EASEUS Partition Master 6.5.2 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
Easy Button (HKLM\...\EzButton) (Version:  - )
EasyCapture2.5 (HKLM\...\EasyCapture2.5) (Version:  - )
EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - )
eToken PKI Client 4.55 (HKLM\...\{2146B7E6-FC1C-4230-9952-E9CA2260AA08}) (Version: 4.55.22 - Aladdin Knowledge Systems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HP Deskjet 3540 series Basic Device Software (HKLM\...\{29E641BB-2183-4653-B589-18B10E5D9635}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
HP Deskjet 3540 series Help (HKLM\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Internet Telephone (Version: 4.60 - Callserve Communications Ltd) Hidden
Internet Telephone 4.60 (HKLM\...\{B24E6473-5600-42D0-BD57-8E4B85ACD0BD}) (Version:  - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.3400 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3400 - Lenovo.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.264 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerCineama MagicDirector Module (HKLM\...\{13E613EF-BB55-11D9-9D77-000129760D75}) (Version:  - )
PowerCinema MakeDisc Module (HKLM\...\{FC4F90EC-B1DA-11D9-9D77-000129760D75}) (Version:  - )
Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{6945C9BA-710C-4776-BB1C-F5F2368AE45E}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5350 - Realtek Semiconductor Corp.)
Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Seagate Manager Installer (Version: 2.01.0700 - Seagate) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShuttleCenter (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Tally.ERP 9 (HKLM\...\{AAF5BFFE-1A0B-4A9E-B726-82AC4DD26B59}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2011.)
VeriFace (HKLM\...\VeriFace) (Version:  - )
Windows Driver Package - Animation Technologies Inc. (TridVid) Media  (01/17/2007 1.287.3.10) (HKLM\...\A06EE73B1C7DE59F5A907866B9F81C6A89C49529) (Version: 01/17/2007 1.287.3.10 - Animation Technologies Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 15:53 - 2006-09-19 03:11 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13C6C1CE-9781-4B73-B921-A8FE300322BD} - System32\Tasks\{C2DA5577-8068-4880-B1FE-EA2D7177E005} => C:\Program Files\Skype\Phone\Skype.exe
Task: {690110F9-717A-45C2-A552-B1289FB8B3AC} - \Uninstaller_SkipUac_KBC -> No File <==== ATTENTION
Task: {7C0510C3-385B-4A45-A44D-F513D932CA50} - \Uninstaller_SkipUac_SAMEER -> No File <==== ATTENTION
Task: {B04931F7-062C-4800-933A-9872D722C34D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-06-10] (IObit)
Task: {B885FFD3-0FC5-4552-A6B8-B5C242FD867B} - System32\Tasks\ASC8_SkipUac_KBC => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-06-16] (IObit)
Task: {C38B5FCF-E267-47FE-AE3A-17DCE91C428B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {C4EA356D-F28F-4B05-ACAC-758FD74EF2BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)
Task: {E368F072-F70E-4002-BFFA-CEEAC5845396} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-16 11:22 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2007-09-21 09:42 - 2007-01-06 08:01 - 00274529 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
2007-09-21 09:42 - 2007-01-06 08:01 - 00237671 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapEngine.dll
2007-09-21 09:42 - 2007-01-06 08:01 - 00032768 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvcps.dll
2007-09-21 09:41 - 2007-01-05 20:02 - 00262247 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-09-21 09:42 - 2007-01-06 08:01 - 00118879 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
2007-09-21 09:42 - 2007-01-06 08:01 - 00114785 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSchMgr.dll
2007-09-21 09:42 - 2007-01-06 08:01 - 00339968 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLTinyDB.dll
2015-08-16 11:22 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-08-16 11:22 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-08-16 11:22 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-08-16 11:22 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\webcompanion.com -> hxxp://webcompanion.com

IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\100sexlinks.com -> 100sexlinks.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\101hotteens.com -> 101hotteens.com
IE restricted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\101lottery.com -> 101lottery.com

There are 4786 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-595894999-490155728-2440704941-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 113.193.1.60 - 113.193.0.148
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: EnergyCut => C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
MSCONFIG\startupreg: EzButton => C:\PROGRA~1\EzButton\EzButton.EXE
MSCONFIG\startupreg: Web Companion => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{220A476B-2141-449D-97EA-DBDA5CED72C0}] => (Allow) C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
FirewallRules: [{A8C034E5-DF54-44B8-A7A8-58EC1EC3DA18}] => (Allow) C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
FirewallRules: [{63C51BF3-A473-45F9-AA15-805921301115}] => (Allow) E:\setup\hpznui01.exe
FirewallRules: [{81B5AEA8-4A93-4596-835D-560BE99C65D4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{FB21CEB4-2A28-4E9D-A279-EB54545DD1E6}] => (Allow) LPort=80
FirewallRules: [{2030BD37-94FF-42A5-B91B-518748F4B633}] => (Allow) LPort=80
FirewallRules: [{F968B3A9-1A68-4965-A197-70674883C713}] => (Allow) LPort=80
FirewallRules: [{A2702353-55E3-44ED-88D8-D1A0A8EDDF58}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe
FirewallRules: [{D1F5E28F-7053-4A6F-BC0F-004589AD897F}] => (Allow) LPort=5357
FirewallRules: [{870B7F5E-22FB-40F2-8722-75D88567B902}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0F642D0E-4922-49AD-AEAE-E318A9EDDEC6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{8BD673B0-C91A-4F8F-A4BC-DCF3DE6D332D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{427C8CB5-8362-47AC-942F-A4AFE073965F}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4D4956A9-88F3-4D3C-8DCA-70A746A4AF7E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2015 11:30:01 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/17/2015 05:08:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/17/2015 05:08:01 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (08/17/2015 03:49:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1248
Start Time: 01d0d8d609462d32
Termination Time: 125

Error: (08/17/2015 02:17:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 10ac
Start Time: 01d0d8c8329774b9
Termination Time: 141

Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown

Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/17/2015 12:14:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

System errors:
=============
Error: (08/18/2015 05:28:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/18/2015 05:28:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/18/2015 05:27:07 PM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (08/18/2015 09:49:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/18/2015 09:49:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/18/2015 09:48:26 AM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (08/18/2015 09:43:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/18/2015 09:43:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/18/2015 09:42:14 AM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (08/17/2015 05:22:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SysMain

Microsoft Office:
=========================
Error: (08/18/2015 11:30:01 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/17/2015 05:08:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/17/2015 05:08:01 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (08/17/2015 03:49:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16684124801d0d8d609462d32125

Error: (08/17/2015 02:17:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1668410ac01d0d8c8329774b9141

Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown

Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (08/17/2015 12:14:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

CodeIntegrity:
===================================
  Date: 2015-08-18 17:40:13.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 17:40:12.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 17:40:12.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 17:40:11.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 17:40:10.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 17:40:10.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 17:40:09.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 17:40:09.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 17:40:08.648
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\is-K9FIV.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-18 17:40:08.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\is-K9FIV.tmp because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 52%
Total physical RAM: 2045.75 MB
Available physical RAM: 972.71 MB
Total Virtual: 4328 MB
Available Virtual: 3305.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.9 GB) (Free:23.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (LENOVO) (Fixed) (Total:78.24 GB) (Free:72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=58.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.9 GB) - (Type=12)
Partition 3: (Not Active) - (Size=78.2 GB) - (Type=OF Extended)

Step 1

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Step 2

Please run Malwarebytes Anti-Malware with admin rights, update it and perform a threat scan. Post your log file here.

In your next reply, post the following log files:

  • FRST log
  • Malwarebytes' Anti-Malware log

fixlist.txt

Thank you for the suggestions.

Herewith Step 1: As I had saved FRST to a particular directory, I have saved the fixlist also to the same directory and run the fix. The fixlog is attached herewith.

Fix result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by KBC (2015-08-18 19:23:44) Run:1
Running from C:\Downloads\Farbar
Loaded Profiles: KBC (Available Profiles: KBC & SAMEER)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer\Run: [] => 
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-18\...\RunOnce: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ATTENTION: System Restore is disabled
Task: {690110F9-717A-45C2-A552-B1289FB8B3AC} - \Uninstaller_SkipUac_KBC -> No File <==== ATTENTION
Task: {7C0510C3-385B-4A45-A44D-F513D932CA50} - \Uninstaller_SkipUac_SAMEER -> No File <==== ATTENTION
2015-07-31 14:12 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2015-07-31 14:12 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2015-07-26 15:06 - 2015-07-31 16:55 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\IObit
2015-08-17 10:24 - 2015-03-31 20:13 - 00000000 ____D C:\ProgramData\IObit
2015-08-16 11:19 - 2015-03-31 20:00 - 00000000 ____D C:\Program Files\IObit
C:\Users\KBC\AppData\Local\Temp\ASCSetup_478330.exe
C:\Users\KBC\AppData\Local\Temp\ASCSetup_6832921.exe
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ => value removed successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
ATTENTION: System Restore is disabled => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{690110F9-717A-45C2-A552-B1289FB8B3AC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{690110F9-717A-45C2-A552-B1289FB8B3AC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_KBC" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C0510C3-385B-4A45-A44D-F513D932CA50}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C0510C3-385B-4A45-A44D-F513D932CA50}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_SAMEER" => key removed successfully.
C:\Users\Default\AppData\Roaming\IObit => moved successfully.
"C:\Users\Default User\AppData\Roaming\IObit" => File/Folder not found.
C:\Users\SAMEER\AppData\Roaming\IObit => moved successfully.
C:\ProgramData\IObit => moved successfully.
C:\Program Files\IObit => moved successfully.
C:\Users\KBC\AppData\Local\Temp\ASCSetup_478330.exe => moved successfully.
C:\Users\KBC\AppData\Local\Temp\ASCSetup_6832921.exe => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gwlan
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::7c9f:3909:34c6:e4c3%8
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 20:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 22:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 19:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 21:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 23:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 24:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gwlan
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::7c9f:3909:34c6:e4c3%8
   IPv4 Address. . . . . . . . . . . : 10.24.48.75
   Subnet Mask . . . . . . . . . . . : 255.255.224.0
   Default Gateway . . . . . . . . . : 10.24.32.1
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 20:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 22:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 19:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 21:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 23:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 24:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Echo Request, OK!
A reboot is required to complete this action.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-595894999-490155728-2440704941-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-595894999-490155728-2440704941-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
Unable to cancel {950CE921-B254-41F6-9455-1BED4DD8B0BC}.
Unable to cancel {E4FC8433-B266-4759-B249-4DE1F7800BA0}.
{B7A6416B-7E7D-44E1-A4DA-8626AC1EFB0C} canceled.
{37A5F8C9-4D1E-4749-8475-E953A7588CE7} canceled.
{A0F9B74E-C776-45AC-9884-65A4A2872897} canceled.
{AA4CD04D-3CA0-4F69-BFB6-BC50EBCA5982} canceled.
{3505F79C-C4D7-4FAD-96AE-5092E9E21F4F} canceled.
5 out of 7 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 106.7 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:27:04 ====
 
AND HEREWITH STEP 2 : UPDATED MALWAREBYTES ANTIMALWARE AND RAN A SCAN, LOG FILE ATTACHED
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18/08/2015
Scan Time: 19:32:10
Logfile: malwarebytes AntiMalware Log 18Aug.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.18.04
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: KBC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351276
Time Elapsed: 29 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Junkware Removal Tool log
    • ESET Online Scanner log

Thank you for the suggestions.

 

Herewith attached : Step 1 : JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows Vista Home Basic x86
Ran by KBC on 19/08/2015 at 14:33:34.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully deleted: [service] 0109111439974235mcinstcleanup [Reboot required]

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\KBC\AppData\Roaming\productdata

 

~~~ Chrome

[C:\Users\KBC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\KBC\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\KBC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\KBC\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/08/2015 at 14:36:18.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

AND STEP 2 : ESET SCAN REPORT

 

C:\AdwCleaner\Quarantine\C\Users\KBC\AppData\Roaming\OpenCandy\910E037E089F4F0094BD8933F3C6B67F\SearchGolTB.exe.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application cleaned by deleting - quarantined
C:\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

 

 

Thank you for taking a look at the above.

 

Regards

 

Sameer


Please manually delete your AdwCleaner.exe and then:

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Thank you friend, for the continuing advice.

 

Herewith attached is the scan of AdwCleaner, which was duly reloaded from the link you sent; the scan seemed relatively clean. The problem of ad popups still continues, regrettably.

 

# AdwCleaner v5.002 - Logfile created 20/08/2015 at 13:23:05
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [server]
# Operating system : Windows Vista Home Basic Service Pack 2 (x86)
# Username : KBC - KBC-PC
# Running from : C:\Downloads\Adwcleaner\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C6].txt - [778 bytes] - [16/08/2015 11:10:31]
C:\AdwCleaner[s10].txt - [584 bytes] - [17/08/2015 10:19:23]
C:\AdwCleaner[s11].txt - [583 bytes] - [17/08/2015 17:16:38]
C:\AdwCleaner[s8].txt - [675 bytes] - [16/08/2015 11:06:00]
C:\AdwCleaner[s9].txt - [582 bytes] - [16/08/2015 16:48:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [951 bytes] ##########


  • Please download GeekUninstaller and save it to desktop.
  • Extract the archive and run the file geek.exe
  • Right click on the Chrome (the example above is for Mozilla Firefox) and click on the Uninstall... button.

    XhV2QLa.png

  • Once the uninstallation is complete, the following window will appear to let you remove all leftovers including unnecessary files, useless folders, registry entries related to the uninstalled program.

    This is just an example for Mozilla Firefox. It should be similar for you:

    geekuninstaller-3.png

  • Click on the Finish button to remove all detected traces.
  • Finally, click on the Close button to complete and go back to the main interface of Geek Uninstaller.
  • Close the program and reboot your system
When you are done, please download and install Google Chrome from their official website.

OK, I deleted the existing FRST.exe, downloaded a fresh copy from bleepingcomputer.com and here are the results of the scan. The problem of ad popups continues.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015
Ran by KBC (administrator) on KBC-PC (21-08-2015 11:13:23)
Running from C:\Downloads\Farbar
Loaded Profiles: KBC (Available Profiles: KBC & SAMEER)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Seagate Technology LLC) D:\Program Files\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [155648 2006-09-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\Run: [Advanced SystemCare 8] => "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-595894999-490155728-2440704941-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-08-04] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 5.152.219.50 37.220.8.190
Tcpip\..\Interfaces\{7A8B311E-52BC-474D-92E3-3E6266593E19}: [DhcpNameServer] 5.152.219.50 37.220.8.190
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-20] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-03-05]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-05]
 
Chrome: 
=======
CHR Profile: C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-20]
CHR Extension: (Google Docs) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-20]
CHR Extension: (Google Drive) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-20]
CHR Extension: (YouTube) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-20]
CHR Extension: (Google Search) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-20]
CHR Extension: (Google Sheets) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]
CHR Extension: (Gmail) - C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CLCapSvc; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe [274529 2007-01-06] () [File not signed]
R2 CLSched; C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe [118879 2007-01-06] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-07-07] (Macrovision Europe Ltd.) [File not signed]
R2 FreeAgentGoNext Service; D:\Program Files\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-08-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2007-01-05] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [X]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R5 ACPI; C:\Windows\System32\drivers\acpi.sys [265688 2009-04-11] (Microsoft Corporation)
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [9728 2006-11-23] (Lenovo Corporation)
R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2007-09-11] (Aladdin Knowledge Systems, Ltd.)
R5 atapi; C:\Windows\System32\drivers\atapi.sys [19944 2009-04-11] (Microsoft Corporation)
S3 CapFilt; C:\Windows\system32\Drivers\CapFilt.sys [18944 2007-09-21] (ensurebit) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
R5 CLFS; C:\Windows\System32\CLFS.sys [244152 2015-03-05] (Microsoft Corporation)
R5 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [20792 2008-01-19] (Microsoft Corporation)
R5 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [22632 2006-11-02] (Microsoft Corporation)
R5 disk; C:\Windows\System32\drivers\disk.sys [53736 2009-04-11] (Microsoft Corporation)
R1 DritekPortIO; C:\Program Files\EzButton\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R5 Ecache; C:\Windows\System32\drivers\ecache.sys [140224 2015-07-21] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-07-15] () [File not signed]
R3 eTSCFLT; C:\Windows\System32\DRIVERS\eTSCFLT.sys [12456 2007-09-11] (Aladdin Knowledge Systems, Ltd.)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58936 2008-01-19] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-09-06] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [67584 2012-09-06] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-09-06] (Huawei Technologies Co., Ltd.)
R5 intelide; C:\Windows\System32\drivers\intelide.sys [17976 2008-01-19] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [440768 2015-06-12] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R5 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R5 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R5 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
R5 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [56256 2015-07-21] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [16440 2008-01-19] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [48104 2009-04-11] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [527848 2009-04-11] (Microsoft Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [53120 2012-03-21] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [149480 2009-04-11] (Microsoft Corporation)
R5 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [177640 2009-04-11] (Microsoft Corporation)
R5 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-19] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [905664 2014-04-05] (Microsoft Corporation)
R3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [159104 2007-09-21] (Trident Multimedia Technologies Co.,Ltd)
S3 UDA; C:\Windows\System32\Drivers\rcudawdm.sys [25760 2012-04-17] (Rainbow China Co,. Ltd.)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-19] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [292840 2009-04-11] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [224640 2012-08-21] (Microsoft Corporation)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-27] (Microsoft Corporation)
S3 wdf_usb_vista; C:\Windows\System32\DRIVERS\usb2ser_vista.sys [38912 2012-10-11] (MediaTek Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EraserUtilDrv11110; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
U2 wuaserv; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 11:02 - 2015-08-21 11:02 - 272400325 _____ C:\Windows\MEMORY.DMP
2015-08-21 11:02 - 2015-08-21 11:02 - 00155840 _____ C:\Windows\Minidump\Mini082115-01.dmp
2015-08-20 15:21 - 2015-08-20 15:21 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-20 15:21 - 2015-08-20 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-20 15:13 - 2015-08-21 11:18 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 15:13 - 2015-08-21 11:09 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-20 10:35 - 2015-08-15 04:33 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 10:35 - 2015-08-15 04:26 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-20 10:35 - 2015-08-15 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 14:38 - 2015-08-19 14:38 - 00000000 ____D C:\Program Files\ESET
2015-08-19 14:36 - 2015-08-19 14:36 - 00001277 _____ C:\Users\KBC\Desktop\JRT.txt
2015-08-17 17:16 - 2015-08-17 17:17 - 00000583 _____ C:\AdwCleaner[s11].txt
2015-08-17 14:31 - 2015-07-22 02:25 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-17 14:31 - 2015-07-21 21:37 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-17 14:31 - 2015-07-21 21:37 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-17 14:31 - 2015-07-21 21:37 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-17 14:31 - 2015-07-21 21:37 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-17 14:31 - 2015-07-21 21:33 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-17 14:31 - 2015-07-21 21:33 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-17 14:31 - 2015-07-21 21:33 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-17 14:30 - 2015-08-01 00:57 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 14:29 - 2015-07-09 19:50 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-17 14:28 - 2015-07-11 01:07 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-17 14:27 - 2015-07-11 21:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-17 14:24 - 2015-07-18 21:33 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-17 14:23 - 2015-08-01 03:38 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-17 14:23 - 2015-08-01 03:16 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-17 14:23 - 2015-08-01 02:11 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-17 14:23 - 2015-08-01 02:10 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-17 14:23 - 2015-08-01 02:05 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-17 14:23 - 2015-08-01 02:03 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-17 14:23 - 2015-08-01 02:03 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-17 14:23 - 2015-08-01 02:03 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-17 14:23 - 2015-08-01 02:03 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-17 14:23 - 2015-07-11 01:07 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-17 14:23 - 2015-07-11 01:07 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-17 12:15 - 2015-08-20 18:50 - 00002484 _____ C:\Windows\PFRO.log
2015-08-17 10:56 - 2015-08-21 11:13 - 00000000 ____D C:\FRST
2015-08-17 10:53 - 2015-08-17 10:54 - 01676800 _____ (Farbar) C:\Users\SAMEER\Downloads\FRST (1).exe
2015-08-17 10:19 - 2015-08-17 10:22 - 00000584 _____ C:\AdwCleaner[s10].txt
2015-08-16 16:48 - 2015-08-16 16:50 - 00000582 _____ C:\AdwCleaner[s9].txt
2015-08-16 16:36 - 2015-08-16 16:36 - 00000000 ____D C:\Users\SAMEER\AppData\Local\HP
2015-08-16 16:29 - 2015-08-16 16:29 - 00000903 _____ C:\Users\SAMEER\Desktop\Internet Explorer.lnk
2015-08-16 15:46 - 2015-07-01 21:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-16 15:45 - 2015-07-09 19:55 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-16 15:45 - 2015-07-09 19:55 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-16 13:43 - 2015-08-16 13:43 - 00000626 _____ C:\Users\KBC\Desktop\Tcpview.exe.lnk
2015-08-16 11:23 - 2015-08-16 11:23 - 00000981 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-08-16 11:22 - 2015-08-18 17:27 - 00001922 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-08-16 11:22 - 2015-08-16 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-08-16 11:10 - 2015-08-16 11:10 - 00000778 _____ C:\AdwCleaner[C6].txt
2015-08-16 11:06 - 2015-08-16 11:07 - 00000675 _____ C:\AdwCleaner[s8].txt
2015-08-15 22:52 - 2015-08-18 19:31 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-15 22:52 - 2015-08-15 22:52 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-15 22:52 - 2015-08-15 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-15 22:51 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-15 22:51 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-15 22:51 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-15 22:13 - 2015-08-17 17:19 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-15 22:13 - 2015-08-15 22:49 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-15 20:16 - 2015-08-15 22:52 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-14 16:39 - 2015-08-14 16:39 - 00000293 _____ C:\Users\SAMEER\Desktop\Local Disk (C) - Shortcut.lnk
2015-08-14 14:19 - 2015-08-14 15:51 - 00000000 ____D C:\Users\SAMEER\AppData\Local\AdFender
2015-08-14 14:07 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\is-K9FIV.tmp
2015-08-14 12:43 - 2015-07-23 02:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-14 12:43 - 2015-07-23 02:21 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-14 12:43 - 2015-07-23 02:17 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-14 12:43 - 2015-07-23 02:16 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-14 12:43 - 2015-07-23 02:16 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-14 12:43 - 2015-07-23 02:15 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-14 12:43 - 2015-07-23 02:15 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-14 12:43 - 2015-07-23 02:15 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-14 12:43 - 2015-07-23 02:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-14 12:43 - 2015-07-23 02:13 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-14 12:43 - 2015-07-23 02:13 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-14 12:43 - 2015-07-23 02:13 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-14 12:43 - 2015-07-23 02:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 15:53 - 2015-08-13 15:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-12 12:39 - 2015-08-20 13:23 - 00000000 ____D C:\AdwCleaner
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2015-08-01 19:05 - 2015-08-01 20:01 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\Skype
2015-08-01 19:05 - 2015-08-01 19:05 - 00000000 ____D C:\Users\SAMEER\AppData\Local\Skype
2015-08-01 13:38 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\ProductData
2015-08-01 13:38 - 2015-08-01 13:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ProductData
2015-08-01 09:52 - 2015-07-03 21:34 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-31 16:24 - 2015-07-31 16:24 - 00000000 ____D C:\Users\SAMEER\AppData\Roaming\ProductData
2015-07-31 16:23 - 2015-08-18 17:27 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.dat
2015-07-31 16:23 - 2015-08-18 17:27 - 00013072 _____ C:\Users\SAMEER\AppData\Roaming\nvModes.001
2015-07-31 15:34 - 2015-06-08 14:13 - 00348488 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-07-31 15:29 - 2015-08-12 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-07-30 22:25 - 2015-08-21 11:16 - 01183588 _____ C:\Windows\WindowsUpdate.log
2015-07-29 16:58 - 2015-06-17 22:20 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-29 16:58 - 2015-06-17 20:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-29 16:57 - 2015-06-12 21:31 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-29 16:44 - 2015-04-24 21:24 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-29 16:39 - 2015-03-05 08:02 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-29 16:39 - 2015-03-05 07:53 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-29 16:00 - 2015-05-31 13:41 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-29 16:00 - 2015-04-11 04:52 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-29 15:58 - 2015-06-27 21:33 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-29 15:58 - 2015-06-27 21:32 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-29 15:58 - 2015-06-27 21:32 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-29 15:58 - 2015-06-27 21:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-29 15:58 - 2015-06-27 19:51 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-29 15:58 - 2015-06-27 19:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-29 15:58 - 2015-06-12 18:43 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-29 15:58 - 2015-04-30 21:33 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-29 15:58 - 2015-01-09 05:47 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-29 15:57 - 2015-05-09 04:38 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-29 15:55 - 2015-05-05 04:21 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-29 15:55 - 2015-05-05 04:20 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-29 15:55 - 2015-05-05 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-29 15:55 - 2015-05-05 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-29 15:55 - 2015-05-05 02:51 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-26 15:07 - 2015-08-14 16:40 - 00000000 ____D C:\Users\SAMEER\AppData\Local\Google
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-21 11:09 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.dat
2015-08-21 11:09 - 2008-01-25 10:14 - 00090657 _____ C:\Users\KBC\AppData\Roaming\nvModes.001
2015-08-21 11:08 - 2007-09-21 09:43 - 15982795 _____ C:\FaceProv.log
2015-08-21 11:08 - 2006-11-02 18:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-21 11:08 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-21 11:08 - 2006-11-02 18:15 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-21 11:07 - 2008-01-28 14:40 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-08-21 11:07 - 2006-11-02 18:28 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-21 11:03 - 2014-03-05 13:19 - 00000000 ____D C:\Program Files\McAfee
2015-08-21 11:02 - 2011-09-29 13:25 - 00000000 ____D C:\Windows\Minidump
2015-08-20 15:21 - 2015-02-22 19:50 - 00000000 ____D C:\Users\KBC\AppData\Local\Google
2015-08-20 15:20 - 2015-02-22 19:51 - 00000000 ____D C:\Program Files\Google
2015-08-20 15:13 - 2014-09-27 16:17 - 00000000 ____D C:\Users\KBC\AppData\Local\Deployment
2015-08-17 17:10 - 2011-02-28 09:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-17 17:08 - 2013-07-31 15:16 - 00000000 ____D C:\Windows\system32\MRT
2015-08-17 17:02 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-17 17:01 - 2006-11-02 15:54 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-17 16:53 - 2006-11-02 15:53 - 00000254 _____ C:\Windows\win.ini
2015-08-17 15:38 - 2006-11-02 18:14 - 00399736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-17 15:34 - 2006-11-02 18:05 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-17 10:51 - 2011-12-30 16:35 - 00000000 ____D C:\fakepath
2015-08-17 10:17 - 2012-10-05 22:32 - 00000000 ____D C:\Temp delete after use
2015-08-16 16:36 - 2008-03-03 10:34 - 00000000 ____D C:\Users\SAMEER\AppData\Local\VirtualStore
2015-08-16 13:44 - 2010-02-16 13:51 - 00000000 ____D C:\Users\KBC\AppData\Local\CrashDumps
2015-08-16 11:31 - 2015-03-31 20:31 - 52871168 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-08-16 11:31 - 2015-03-31 20:31 - 45637632 _____ C:\Windows\system32\config\COMPONENTS.iobit
2015-08-16 11:31 - 2015-03-31 20:31 - 00278528 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-08-16 11:31 - 2015-03-31 20:31 - 00094208 _____ C:\Windows\system32\config\SAM.iobit
2015-08-16 11:31 - 2015-03-31 20:31 - 00028672 _____ C:\Windows\system32\config\SECURITY.iobit
2015-08-16 11:31 - 2008-03-03 10:34 - 00000000 ____D C:\Users\SAMEER
2015-08-14 16:30 - 2009-06-24 14:18 - 00000000 ____D C:\ProgramData\Skype
2015-08-14 16:27 - 2014-03-10 19:37 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-14 16:22 - 2008-01-29 17:37 - 00000909 _____ C:\Users\KBC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 16:07 - 2009-11-09 11:28 - 00766602 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-14 14:51 - 2008-02-13 17:32 - 00000000 ____D C:\Program Files\Acro Software
2015-08-14 14:50 - 2008-02-13 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-08-01 11:05 - 2007-09-21 09:45 - 00026822 _____ C:\HeadVideo.log
2015-07-31 22:51 - 2014-09-12 15:04 - 00000000 ____D C:\Program Files\DC-Unlocker
2015-07-31 20:56 - 2006-11-02 16:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-31 17:22 - 2011-10-28 11:17 - 00000000 ____D C:\Program Files\Camtech
2015-07-31 16:56 - 2012-05-24 19:29 - 00000000 ____D C:\Users\KBC\AppData\Roaming\Philipp Winterberg
2015-07-30 21:59 - 2011-02-27 12:34 - 00000000 ____D C:\Windows\pss
2015-07-30 21:56 - 2011-02-27 10:00 - 00000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 21:56 - 2011-02-27 10:00 - 00000000 ____D C:\Program Files\CCleaner
2015-07-30 21:46 - 2011-02-25 17:06 - 00000000 ____D C:\Program Files\Adobe
2015-07-30 21:46 - 2008-01-25 17:00 - 00000000 ____D C:\ProgramData\Adobe
2015-07-30 21:46 - 2008-01-25 17:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-30 21:45 - 2011-06-04 11:33 - 00000000 ____D C:\Program Files\EASEUS
2015-07-30 19:51 - 2008-02-19 16:00 - 00060928 _____ C:\Users\KBC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-30 17:06 - 2011-02-27 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-30 11:47 - 2006-11-02 16:48 - 00000000 ____D C:\Windows\rescache
2015-07-26 15:36 - 2014-09-12 17:53 - 00000000 ____D C:\Program Files\Common Files\XCPCSync.OEM
2015-07-26 15:36 - 2011-07-05 12:22 - 00000000 ____D C:\Users\KBC\AppData\Local\Research In Motion
2015-07-26 15:36 - 2010-11-14 12:27 - 00004819 _____ C:\Users\KBC\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-07-26 15:36 - 2010-07-09 14:33 - 00000000 ____D C:\Program Files\Common Files\Research In Motion
2015-07-26 15:07 - 2008-03-03 10:36 - 00106864 _____ C:\Users\SAMEER\AppData\Local\GDIPFONTCACHEV1.DAT
 
==================== Files in the root of some directories =======
 
2008-01-25 11:34 - 2010-12-24 09:37 - 0011760 ____H () C:\Users\KBC\AppData\Roaming\KBC.idx
2008-01-25 10:14 - 2015-08-21 11:09 - 0090657 _____ () C:\Users\KBC\AppData\Roaming\nvModes.001
2008-01-25 10:14 - 2015-08-21 11:09 - 0090657 _____ () C:\Users\KBC\AppData\Roaming\nvModes.dat
2010-11-14 13:02 - 2014-09-27 16:27 - 0005691 _____ () C:\Users\KBC\AppData\Roaming\Rim.Desktop.Exception.log
2010-11-14 12:27 - 2015-07-26 15:36 - 0004819 _____ () C:\Users\KBC\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-07-05 12:22 - 2014-09-27 16:27 - 0001925 _____ () C:\Users\KBC\AppData\Roaming\Rim.DesktopHelper.Exception.log
2008-02-05 14:45 - 2013-12-20 14:23 - 0007484 _____ () C:\Users\KBC\AppData\Local\d3d9caps.dat
2008-02-19 16:00 - 2015-07-30 19:51 - 0060928 _____ () C:\Users\KBC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-20 16:13 - 2014-02-20 16:13 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-03-25 15:30 - 2013-03-25 15:30 - 0002001 _____ () C:\ProgramData\eTdsWizard1314_A8D59B57-C4D3-4DEE-88D4-9466F7421A5F.swidtag
2009-06-24 14:28 - 2009-06-24 14:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2008-02-12 14:45 - 2014-04-12 14:40 - 0043280 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\KBC\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-21 11:14
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2015
Ran by KBC (2015-08-21 11:19:13)
Running from C:\Downloads\Farbar
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-595894999-490155728-2440704941-500 - Administrator - Disabled)
Guest (S-1-5-21-595894999-490155728-2440704941-501 - Limited - Enabled)
KBC (S-1-5-21-595894999-490155728-2440704941-1001 - Administrator - Enabled) => C:\Users\KBC
SAMEER (S-1-5-21-595894999-490155728-2440704941-1002 - Limited - Enabled) => C:\Users\SAMEER
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EASEUS Partition Master 6.5.2 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
Easy Button (HKLM\...\EzButton) (Version:  - )
EasyCapture2.5 (HKLM\...\EasyCapture2.5) (Version:  - )
EnergyCut (HKLM\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eToken PKI Client 4.55 (HKLM\...\{2146B7E6-FC1C-4230-9952-E9CA2260AA08}) (Version: 4.55.22 - Aladdin Knowledge Systems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (Version: 1.3.28.5 - Google Inc.) Hidden
HP Deskjet 3540 series Basic Device Software (HKLM\...\{29E641BB-2183-4653-B589-18B10E5D9635}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
HP Deskjet 3540 series Help (HKLM\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Internet Telephone (Version: 4.60 - Callserve Communications Ltd) Hidden
Internet Telephone 4.60 (HKLM\...\{B24E6473-5600-42D0-BD57-8E4B85ACD0BD}) (Version:  - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.3400 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3400 - Lenovo.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.264 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerCineama MagicDirector Module (HKLM\...\{13E613EF-BB55-11D9-9D77-000129760D75}) (Version:  - )
PowerCinema MakeDisc Module (HKLM\...\{FC4F90EC-B1DA-11D9-9D77-000129760D75}) (Version:  - )
Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{6945C9BA-710C-4776-BB1C-F5F2368AE45E}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5350 - Realtek Semiconductor Corp.)
Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Seagate Manager Installer (Version: 2.01.0700 - Seagate) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShuttleCenter (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Tally.ERP 9 (HKLM\...\{AAF5BFFE-1A0B-4A9E-B726-82AC4DD26B59}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2011.)
VeriFace (HKLM\...\VeriFace) (Version:  - )
Windows Driver Package - Animation Technologies Inc. (TridVid) Media  (01/17/2007 1.287.3.10) (HKLM\...\A06EE73B1C7DE59F5A907866B9F81C6A89C49529) (Version: 01/17/2007 1.287.3.10 - Animation Technologies Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 15:53 - 2015-08-18 19:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13C6C1CE-9781-4B73-B921-A8FE300322BD} - System32\Tasks\{C2DA5577-8068-4880-B1FE-EA2D7177E005} => C:\Program Files\Skype\Phone\Skype.exe
Task: {9753E2A9-837F-4E66-A703-E350EB992CAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.)
Task: {B04931F7-062C-4800-933A-9872D722C34D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
Task: {B885FFD3-0FC5-4552-A6B8-B5C242FD867B} - System32\Tasks\ASC8_SkipUac_KBC => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
Task: {C38B5FCF-E267-47FE-AE3A-17DCE91C428B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {E7C20040-2D2B-4F01-9F6E-8AFC31A88791} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2007-09-21 09:42 - 2007-01-06 08:01 - 00274529 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
2007-09-21 09:42 - 2007-01-06 08:01 - 00237671 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapEngine.dll
2007-09-21 09:42 - 2007-01-06 08:01 - 00032768 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvcps.dll
2007-09-21 09:41 - 2007-01-05 20:02 - 00262247 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2007-09-21 09:42 - 2007-01-06 08:01 - 00118879 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
2007-09-21 09:42 - 2007-01-06 08:01 - 00114785 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSchMgr.dll
2007-09-21 09:42 - 2007-01-06 08:01 - 00339968 _____ () C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLTinyDB.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-595894999-490155728-2440704941-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
 
There are 4786 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-595894999-490155728-2440704941-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 5.152.219.50 - 37.220.8.190
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: EnergyCut => C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
MSCONFIG\startupreg: EzButton => C:\PROGRA~1\EzButton\EzButton.EXE
MSCONFIG\startupreg: Web Companion => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{2B1930AF-46A1-4ABC-B339-C9771625098B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2015 11:30:01 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (08/17/2015 05:08:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (08/17/2015 05:08:01 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (08/17/2015 03:49:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1248
Start Time: 01d0d8d609462d32
Termination Time: 125
 
Error: (08/17/2015 02:17:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16684 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 10ac
Start Time: 01d0d8c8329774b9
Termination Time: 141
 
Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown
 
Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (08/17/2015 12:14:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
 
System errors:
=============
Error: (08/21/2015 11:10:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LiveUpdate%%2
 
Error: (08/21/2015 11:10:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/21/2015 11:10:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Advanced SystemCare Service 8%%2
 
Error: (08/21/2015 11:09:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/21/2015 11:08:43 AM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482
 
Error: (08/21/2015 11:04:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LiveUpdate%%2
 
Error: (08/21/2015 11:04:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (08/21/2015 11:04:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Advanced SystemCare Service 8%%2
 
Error: (08/21/2015 11:04:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (08/21/2015 11:02:47 AM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482
 
 
Microsoft Office:
=========================
Error: (08/18/2015 11:30:01 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (08/18/2015 09:47:29 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (08/17/2015 05:08:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (08/17/2015 05:08:01 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (08/17/2015 03:49:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16684124801d0d8d609462d32125
 
Error: (08/17/2015 02:17:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1668410ac01d0d8c8329774b9141
 
Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The interface is unknown
 
Error: (08/17/2015 12:42:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (08/17/2015 12:14:09 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
 
CodeIntegrity:
===================================
  Date: 2015-08-21 11:18:48.584
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 11:18:47.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 11:18:47.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 11:18:46.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 11:18:45.417
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 11:18:44.809
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 11:18:44.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 11:18:43.514
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 11:18:42.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\is-K9FIV.tmp because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-21 11:18:41.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\is-K9FIV.tmp because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 57%
Total physical RAM: 2045.75 MB
Available physical RAM: 859.3 MB
Total Virtual: 4326.02 MB
Available Virtual: 2976.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:58.9 GB) (Free:23.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (LENOVO) (Fixed) (Total:78.24 GB) (Free:72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=58.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.9 GB) - (Type=12)
Partition 3: (Not Active) - (Size=78.2 GB) - (Type=OF Extended)
 
==================== End of log ============================

  • Please download ZHPCleaner (by NicolasCoolman) to your desktop.
  • Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
  • Please click on the Ashampoo_Snap_20140819_13h09m50s_001__zp button.
  • Then press the y3pI4LR.png button.
  • During the scan any open instances of the browsers will be closed automatically.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Here attached is the scan of the ZHP cleaner. 

 

~ ZHPCleaner v2015.8.26.332 by Nicolas Coolman (2015/08/26)
~ Run by KBC (Administrator)  (26/08/2015 19:05:31)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\KBC\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\KBC\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows VISTA, 32-bit Service Pack 2 (Build 6002)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.
 
 
---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.
 
 
---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 48659
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0
 
 
~ End of search in 23 minutes
===================
ZHPCleaner--26082015-19_28_34.txt
 
 
Thank you for suggesting further action. (I will be tied up over the next few days, hence my further response may be somewhat delayed.)

  • Please download ZOEK (by Smeenk) and save it to your desktop.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.


  • In the main box please paste in the following script:

    createsrpoint;FFdefaults;autoclean;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).
  • Post its content into your next reply.

Thank you for the suggestion.

 

I have attached the logs below. After that I rechecked the browser and the pop-up ads are unfortunately still happening:

 

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by KBC on 01/09/2015 at 19:34:29.91.
Microsoft® Windows Vista™ Home Basic  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Downloads\Zoek\zoek\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
01/09/2015 19:38:09 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Program Files\Acro Software deleted successfully
C:\Program Files\Camtech deleted successfully
C:\Program Files\DC-Unlocker deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\stinger deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\Program Files\Common Files\XCPCSync.OEM deleted successfully
C:\PROGRA~2\WinZipSE deleted successfully
C:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\Users\Default\AppData\Roaming\ProductData deleted successfully
C:\Users\KBC\AppData\Roaming\Philipp Winterberg deleted successfully
C:\Users\SAMEER\AppData\Roaming\Itel deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-595894999-490155728-2440704941-1001\Software\Microsoft\Internet Explorer\SearchScopes\{93FE6A51-45E9-4590-B71D-16364EB6A54F} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdateSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\LiveUpdateSvc deleted successfully
 
==== Batch Command(s) Run By Tool======================
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
==== Deleting Files \ Folders ======================
 
C:\Program Files\Acro Software not found
C:\Program Files\Camtech not found
C:\Program Files\DC-Unlocker not found
C:\Program Files\stinger not found
C:\Program Files\VideoLAN not found
C:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
C:\Program Files\Free Download Manager deleted
C:\Users\KBC\AppData\Roaming\Rim.Desktop.Exception.log deleted
C:\Users\KBC\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted
C:\Users\KBC\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted
C:\Users\SAMEER\AppData\Roaming\ProductData deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\LavasoftTcpService.dll deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\SiteAdvisor" [01/09/2015 19:15]
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.157
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[17/08/2015 20:22]
 
Chrome Hotword Shared Module - KBC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Hotword Shared Module - SAMEER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Preferences
1DCFA36F2166B0626BC2818701EE3092F3827FAC52555F573BEE48DEDA9","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"7D04C1241660FBA94ED78261FC57619B47ADFDD21D431A0A952E8E8CB2C3CA1C","pjkljhegncpnkpknbcohdijeoejaedia":"A3E23745C2A38B877D641A6882FCF831BF8DAEBD9587B7DBE2911E27DCF7F4EC"}},"google":{"services":{"account_id":"8DE2B1179323AA8D6BC2427875BFF09FD6858BEF499BAA32185BCF842648800B","last_username":"574907C6F7402856A9AB28D0D989F47EAC2A447181341F5CF99FD61EDDA6D5E5","username":"DCEB34A3D342F559940A31CB23F2347599EEB9B03222639EF94588CD7C6968A0"}},"homepage":"6667CA6B2A6BED56469BD741F260FF5EA136CD2600D102E50E98C3243C3ABADA","homepage_is_newtabpage":"5A4273500B1A088B2B455C4876555FD928D5DECC89CB3C5DA547C981BE6C70DB","pinned_tabs":"6C78BE8D55324BFB0DECA9E9B16FE9660D73A72680FC3BC2838BC173E6777341","prefs":{"preference_reset_time":"BBC98ADF6BA36C3CDF27D617A034BD5748D1DD117009A6A256459611389BB375"},"profile":{"reset_prompt_memento":"FF0526C4B23EBDBCA4CAF288B87D273767A2E011A2EC90AD59D43D4DFECB08FF"},"safebrowsing":{"incidents_sent":"356B9037C74DB46A92F984DF0D2DF48656EB8BA64CC0090E4718445FE8E066E7"},"search_provider_overrides":"B0C6EF8D5B6CEA6E9BE770833229E6619A82B2C7A8FEABEF312D2B67753940B7","session":{"restore_on_startup":"415F7CDEF2FD054609604194E46CFC91EFC7CD1D8010F2294017EDE7D6E7C50F","startup_urls":"3258CA2DD91A946B39D5253F762A422E8D8128FE642E18B77AB3DA1910D6D035"},"software_reporter":{"prompt_reason":"BDFCEF55CBBC8575A072DA3DA31A4213FD5337752361B37D3C9EC0470392DB90","prompt_seed":"C26C6D5D044AD5F96873ED033CE74EFFF5160EAC6F805E3293F227279E4FA846","prompt_version":"A40A519310B98DAD21AE909A1A98402FBD92D169F6F74008BC31879466135D69"},"sync":{"remaining_rollback_tries":"F365221B73D8F812BB1A46679B91BCAE740B558E1B227C00225BFEA45C9C1227"}},"super_mac":"33B0A8A0D5D6A363F1404BE7CAD4509F495BDE3611B6159DA26EC769922356FA"},"session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/]}}
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{93FE6A51-45E9-4590-B71D-16364EB6A54F}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93FE6A51-45E9-4590-B71D-16364EB6A54F}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Companion deleted successfully
 
==== Empty IE Cache ======================
 
C:\Users\KBC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\SAMEER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HLYSIS1 will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBN04ZCO will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6OIBL4G will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVDV215S will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HLYSIS1 will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBN04ZCO will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6OIBL4G will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVDV215S will be deleted at reboot
C:\Users\KBC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\KBC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\SAMEER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=9 folders=4 452411 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\KBC\AppData\Local\Temp will be emptied at reboot
C:\Users\SAMEER\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\KBC\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\KBC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HLYSIS1" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBN04ZCO" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6OIBL4G" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVDV215S" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HLYSIS1" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBN04ZCO" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6OIBL4G" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVDV215S" not found
 
==== EOF on 02/09/2015 at  8:56:30.84 ======================

  • Please download GeekUninstaller and save it to desktop.
  • Extract the archive and run the file geek.exe
  • Right-click on Chrome (the example above is for Mozilla Firefox) and click on the Uninstall... button.

    XhV2QLa.png

  • Once the uninstallation is complete, the following window will appear to let you remove all leftovers including unnecessary files, useless folders, registry entries related to the uninstalled program.

    This is just an example for Mozilla Firefox. It should be similar for you:

    geekuninstaller-3.png

  • Click on the Finish button to remove all detected traces.
  • Finally, click on the Close button to complete and go back to the main interface of Geek Uninstaller.
  • Close the program and reboot your system.
When you are done, please download and install Google Chrome from their official website.

Used Geek Uninstaller to uninstall Google Chrome, deleted leftovers.

Restarted the computer.

Downloaded Google Chrome from the Google website and installed it.

Started Google Chrome. Unfortunately, the pop-up ads are still there wherever I click on any website, except the secure websites starting with https:

 

Regards

This topic is now closed to further replies.