HelloJedi Posted June 15, 2016 ID:1045472

Hello, I haven't done a cleaning and checking of my computer in a while and lately it seems to be heating up much more even if it's watching a simple video or playing a simple flash game. Here are my logs:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016 Ran by Vedang (administrator) on VEDANG-MYTH (14-06-2016 19:28:06) Running from C:\Users\Vedang\Downloads Loaded Profiles: Vedang (Available Profiles: Vedang) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe () C:\Windows\System32\PnkBstrA.exe (CLEVO CO.)
C:\Program Files (x86)\Hotkey\HotkeyService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (CLEVO CO.) C:\Program Files (x86)\Hotkey\hotkeyrtk.exe (Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intuit Inc.) 
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13664984 2014-01-08] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation) HKLM\...\Run: [MBCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-01] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112000 2013-06-17] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\windows\UpdReg.EXE HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) 
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-08-08] (cyberlink) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [839648 2016-03-10] (DivX, LLC) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe HKU\S-1-5-21-2530249291-437664421-3989359840-1001\...\Run: [Power2GoExpress] => 0 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2014-09-29] ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-09-29] ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{7411487A-FF21-481E-AB53-BF27FF30E042}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{35d8b8ff-a4c0-446f-8691-11b6dc21caa5}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{c1c8ad6e-6fc5-488b-a809-b386c0aa2e6a}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Internet Explorer: ================== HKU\S-1-5-21-2530249291-437664421-3989359840-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mythlogic.com BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation) IE Session Restore: HKU\S-1-5-21-2530249291-437664421-3989359840-1001 -> is enabled. FireFox: ======== FF ProfilePath: C:\Users\Vedang\AppData\Roaming\Mozilla\Firefox\Profiles\qzaq91rb.default FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-25] (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2530249291-437664421-3989359840-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKU\S-1-5-21-2530249291-437664421-3989359840-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vedang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.) FF Extension: Greasemonkey - C:\Users\Vedang\AppData\Roaming\Mozilla\Firefox\Profiles\qzaq91rb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-05-02] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Vedang\AppData\Roaming\Mozilla\Firefox\Profiles\qzaq91rb.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-02] FF Extension: Adblock Plus - C:\Users\Vedang\AppData\Roaming\Mozilla\Firefox\Profiles\qzaq91rb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29] Chrome: ======= CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll () CHR Profile: C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup default CHR Extension: (Adblock Plus) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-10] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (One Number) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi [2015-05-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Extension: (ICE Quick Stream) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2015-02-16] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== 
ATTENTION CHR Extension: (Google Wallet) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-03] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION CHR Profile: C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup Default 2 CHR Extension: (YouTube) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup Default 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-14] CHR Extension: (Google Search) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup Default 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] CHR Extension: (Bookmark Manager) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup Default 2\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-11] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup Default 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-11] CHR Extension: (Google Wallet) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup Default 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-11] CHR Extension: (Gmail) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Backup Default 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Profile: C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Google Slides) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-11] CHR Extension: (Google Docs) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-11] CHR Extension: (Google Drive) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: 
(Adblock Plus) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-05] CHR Extension: (Google Search) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (ICE Quick Stream) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2015-05-19] CHR Extension: (Google Sheets) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-11] CHR Extension: (Google Docs Offline) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (Gmail) - C:\Users\Vedang\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-08-09] (CyberLink) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-29] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-09-29] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed] S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-01] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-01] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation) 
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation) R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76152 2015-01-12] () R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2015-01-12] () R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-05-27] (CLEVO CO.) [File not signed] R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2013-12-09] (Qualcomm Atheros) [File not signed] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-18] (Synaptics Incorporated) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-28] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [33488 2015-06-25] (Insyde Corporation) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [80592 2013-11-08] (Qualcomm Atheros, Inc.) R0 FPWinIo; C:\Windows\System32\drivers\FPWinIo.sys [83688 2013-08-08] (Egis Technology Inc.) 
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-17] (Intel Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-09-18] (Synaptics Incorporated) S3 Spyder3; C:\Windows\System32\drivers\Spyder3.sys [15360 2007-12-12] () R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows (R) Win 7 DDK provider) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-06-14 19:28 - 2016-06-14 19:28 - 00023460 _____ C:\Users\Vedang\Downloads\FRST.txt 2016-06-14 19:27 - 2016-06-14 19:28 - 00000000 ____D C:\FRST 2016-06-14 19:25 - 2016-06-14 19:26 - 02385920 _____ (Farbar) C:\Users\Vedang\Downloads\FRST64.exe 2016-06-14 18:49 - 2016-06-14 18:49 - 00000000 ____D C:\WINDOWS\LastGood 2016-06-14 18:49 - 2016-04-13 22:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2016-06-14 18:49 - 2016-04-13 22:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2016-06-13 18:00 - 2016-06-13 18:00 - 00541171 _____ C:\Users\Vedang\Downloads\http _horsepowerkings.com_ford-shelby-gt500-under-development_.htm 2016-06-07 20:06 - 2016-06-07 20:06 - 00665884 _____ C:\Users\Vedang\Downloads\Insurance_Fraud_Detection.pdf 2016-05-26 12:31 - 2016-05-26 12:31 - 00111547 _____ C:\Users\Vedang\Downloads\schedule.pdf 2016-05-24 09:31 - 2016-05-24 09:31 - 00357393 _____ C:\Users\Vedang\Downloads\DA_01050_F9.pdf 2016-05-24 08:01 - 2016-05-24 08:01 - 00219991 _____ C:\Users\Vedang\Downloads\DA_01044_TA.pdf 2016-05-24 07:52 - 2016-05-24 07:52 - 00085958 _____ C:\Users\Vedang\Downloads\OL_OverviewofthePersonalAutoPolicy.pdf 2016-05-24 07:43 - 2016-05-24 07:43 - 00050120 _____ C:\Users\Vedang\Downloads\PP00010105.pdf 2016-05-24 00:06 - 2016-05-24 00:06 - 00044933 _____ C:\Users\Vedang\Downloads\OL_BenefitsofInsurance.pdf 2016-05-23 23:50 - 2016-05-23 23:50 - 00085508 _____ C:\Users\Vedang\Downloads\OL_ExamplesOfForeignLossExposures.pdf 2016-05-23 23:19 - 2016-05-23 23:19 - 00083745 _____ C:\Users\Vedang\Downloads\OL_TypicalExclusionsOfSiteSpecificEILPolicies.pdf 2016-05-23 21:32 - 2016-05-23 21:32 - 00043557 _____ C:\Users\Vedang\Downloads\OL_Example3singlepolicyexamplebalancesheetentriesonly.pdf 2016-05-23 21:28 - 2016-05-23 21:28 - 00058090 _____ C:\Users\Vedang\Downloads\OL_Example1SinglePolicyExample.pdf 2016-05-23 20:30 - 2016-05-23 20:30 - 00083491 _____ 
C:\Users\Vedang\Downloads\OL_KnowledgeToActionHO3CoverageCase06677.pdf 2016-05-23 20:17 - 2016-05-23 20:17 - 00090560 _____ C:\Users\Vedang\Downloads\Ol_SummaryofEndorsements.pdf 2016-05-23 19:51 - 2016-05-23 19:51 - 00087239 _____ C:\Users\Vedang\Downloads\OL_ISOHomeownersFormsSimilaritiesandDifferences.pdf 2016-05-23 19:38 - 2016-05-23 19:38 - 00100513 _____ C:\Users\Vedang\Downloads\OL_HOPolicyComparisonBySection.pdf 2016-05-23 19:34 - 2016-05-23 19:34 - 00086347 _____ C:\Users\Vedang\Downloads\OL_KnowledgeToActionHO3SectionIILiabilityCoverageCase.pdf 2016-05-23 19:14 - 2016-05-23 19:14 - 00087511 _____ C:\Users\Vedang\Downloads\OL_GeneralFunctionsofHO3SectionIIConditions.pdf 2016-05-23 19:03 - 2016-05-23 19:03 - 00084212 _____ C:\Users\Vedang\Downloads\DA_01021_04.pdf 2016-05-23 18:33 - 2016-05-23 18:33 - 00089311 _____ C:\Users\Vedang\Downloads\OL_PolicyDefinitionsAndHowTheyApplyToSectionII.pdf 2016-05-23 18:22 - 2016-05-23 18:22 - 00088546 _____ C:\Users\Vedang\Downloads\OL_SpecialLimitsOfLiability.pdf 2016-05-23 18:01 - 2016-05-23 18:01 - 00080438 _____ C:\Users\Vedang\Downloads\OL_LossSettlementExamples.pdf 2016-05-23 17:43 - 2016-05-23 17:43 - 00091144 _____ C:\Users\Vedang\Downloads\OL_AdditionalCoverages.pdf 2016-05-23 17:26 - 2016-05-23 17:26 - 00093745 _____ C:\Users\Vedang\Downloads\OL_KeyChangesInTheISO2011ProgramRevision.pdf 2016-05-23 17:16 - 2016-05-23 17:16 - 00084035 _____ C:\Users\Vedang\Downloads\OL_HowTheISOHomeownersProgramPolicyFormsAddressPersonalRiskManagementNeeds.pdf 2016-05-22 15:11 - 2016-05-22 15:11 - 00102384 _____ C:\Users\Vedang\Downloads\OL_CoveredCausesOfLossInTheBasicFormAndBroadForm.pdf 2016-05-18 18:17 - 2016-05-18 18:17 - 00211078 _____ C:\Users\Vedang\Downloads\46-4416.pdf 2016-05-17 21:11 - 2016-05-29 23:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-06-14 19:16 - 2014-10-01 14:11 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6D72703A-89CF-4F73-A922-6690DDCBDE9B} 2016-06-14 19:07 - 2015-05-11 04:53 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-14 18:50 - 2015-01-12 18:11 - 00000000 ____D C:\Users\Vedang\AppData\Local\NVIDIA 2016-06-14 18:50 - 2014-09-29 12:19 - 00000000 ____D C:\Users\Vedang\AppData\Local\NVIDIA Corporation 2016-06-14 18:49 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF 2016-06-14 18:37 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-06-14 18:32 - 2015-10-10 14:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-06-14 18:07 - 2015-05-11 04:53 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-14 17:52 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-06-14 17:52 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-06-12 17:47 - 2015-01-24 08:25 - 00000000 ____D C:\Users\Vedang\AppData\Roaming\vlc 2016-06-07 19:08 - 2015-05-11 04:53 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-07 19:08 - 2015-05-11 04:53 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-02 19:54 - 2015-11-22 16:48 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-05-29 23:58 - 2015-11-22 16:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-05-29 23:58 - 2014-09-29 11:59 - 00000000 __SHD C:\Users\Vedang\IntelGraphicsProfiles 2016-05-29 23:57 - 2015-11-22 16:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-05-29 23:57 - 2015-11-22 16:40 - 00147656 ____N (CyberLink Corp.) 
C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2016-05-29 23:57 - 2015-02-21 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-29 22:36 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-26 04:02 - 2015-03-02 21:08 - 00000151 _____ C:\Users\Vedang\Documents\The Institutes.txt
2016-05-23 18:44 - 2015-11-22 16:49 - 00002415 _____ C:\Users\Vedang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-23 18:44 - 2015-11-22 16:49 - 00000000 ___RD C:\Users\Vedang\OneDrive
2016-05-21 17:24 - 2015-11-10 19:30 - 00000000 ____D C:\Users\Vedang\Desktop\notes 2

==================== Files in the root of some directories =======

2015-03-08 13:51 - 2015-05-10 21:26 - 0000020 _____ () C:\Users\Vedang\AppData\Roaming\appdataFr3.bin
2014-09-29 12:04 - 2014-09-29 12:04 - 0000000 _____ () C:\Users\Vedang\AppData\Local\BluetoothPresent.flag
2014-09-29 12:04 - 2014-09-29 12:04 - 0000000 _____ () C:\Users\Vedang\AppData\Local\Driver_Jupiter_01Present.flag
2015-11-10 17:34 - 2015-11-10 17:34 - 0045153 _____ () C:\Users\Vedang\AppData\Local\Tempdivx3a52
2015-06-24 18:11 - 2015-06-24 18:11 - 0043682 _____ () C:\Users\Vedang\AppData\Local\Tempdivx5c24
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Vedang\AppData\Local\Tempdivx65cc
2015-05-19 22:26 - 2015-05-19 22:26 - 0043665 _____ () C:\Users\Vedang\AppData\Local\Tempdivx6966
2015-05-14 20:39 - 2015-05-14 20:39 - 0247263 _____ () C:\Users\Vedang\AppData\Local\Tempdivx6a65
2015-09-15 19:22 - 2015-09-15 19:22 - 0266074 _____ () C:\Users\Vedang\AppData\Local\Tempdivx8818
2015-07-07 23:08 - 2015-07-07 23:08 - 0253196 _____ () C:\Users\Vedang\AppData\Local\Tempdivx8b3b
2015-06-24 18:11 - 2015-06-24 18:11 - 1328472 _____ (DivX, LLC) C:\Users\Vedang\AppData\Local\Tempdivxacdc.exe
2015-11-04 08:20 - 2015-11-04 08:20 - 0260500 _____ () C:\Users\Vedang\AppData\Local\Tempdivxceff
2015-07-12 08:30 - 2015-07-12 08:30 - 0043494 _____ () C:\Users\Vedang\AppData\Local\Tempdivxd8e5
2015-10-30 17:25 - 2015-10-30 17:25 - 0047475 _____ () C:\Users\Vedang\AppData\Local\Tempdivxd949
2015-02-21 15:03 - 2016-04-05 23:27 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Vedang\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Vedang\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Vedang\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Vedang\AppData\Local\Temp\RSPUpgradeInstaller.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-18 20:17

==================== End of FRST.txt ============================

and Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by Vedang (2016-06-14 19:28:27)
Running from C:\Users\Vedang\Downloads
Windows 10 Home Version 1511 (X64) (2015-11-22 23:47:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2530249291-437664421-3989359840-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2530249291-437664421-3989359840-503 - Limited - Disabled)
Guest (S-1-5-21-2530249291-437664421-3989359840-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2530249291-437664421-3989359840-1003 - Limited - Enabled)
Vedang (S-1-5-21-2530249291-437664421-3989359840-1001 - Administrator - Enabled) => C:\Users\Vedang

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.5 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.5 - ) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.4218 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2914c - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5425.52 - CyberLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC)
DVDFab Media Player 2 (HKLM-x32\...\DVDFab Media Player 2_is1) (Version: 2.5.0.2 - Fengtao Software Inc.)
EgisTec Fingerprint Driver (HKLM-x32\...\InstallShield_{74AB6665-AFFE-4419-BC7D-7EB3A68DE5BC}) (Version: 3.2.7.0 - Egis Technology Inc.)
Fingerprint Driver (x32 Version: 3.2.7.0 - Egis Technology Inc.) Hidden
Futuremark SystemInfo (HKLM-x32\...\{03856D3F-DDDC-4C9A-9202-36529D21D94C}) (Version: 4.32.483.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hotkey 2.34.48 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 2.34.48 - )
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.2 - Insyde Corporation)
Intel Extreme Tuning Utility (HKLM-x32\...\{a6e81627-a651-408c-8fb6-19a078070830}) (Version: 5.1.0.23 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 5.1.0.23 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.4.1000 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
IZArc 4.1.9 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.9 - Ivan Zahariev)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.2 - Notepad++ Team)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.312 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{70352071-9C2B-4EF0-88E6-9F16FEBAEB36}) (Version: 1.1.38.1281 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.04 - Creative Technology Limited)
StatMaker (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{78b2995}) (Version: - Software Publisher) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.24.1 - Synaptics Incorporated)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-2530249291-437664421-3989359840-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)
Windows Driver Package - Synaptics (SmbDrv) System (12/20/2013 18.0.5.0) (HKLM\...\DA080BB0CE3DAD8E62D50FD987729CEA6269CC02) (Version: 12/20/2013 18.0.5.0 - Synaptics)
Windows Driver Package - Synaptics (SynTP) Mouse (12/20/2013 18.0.5.0) (HKLM\...\E9740F400D100CC09BF3C9C7C39C99108CAE5A47) (Version: 12/20/2013 18.0.5.0 - Synaptics)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2530249291-437664421-3989359840-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Vedang\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {068EBF87-8017-4DFE-9082-BB1E13F48ECB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
Task: {0B37670F-B2B3-4CEA-92BD-89D9EC74EA7A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0ED2AC58-A813-403F-8EB9-58870FDB4DA5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {181ECAED-5DC2-4201-A057-73226FBBDC4D} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-03-01] (DivX, LLC)
Task: {211AE974-CA43-4674-A375-ECC5F236D040} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2A214081-9B23-4110-89AF-7847040CACD4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {44BE9146-762E-4C7B-99B3-30A1DEAB9E17} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {4CADF07B-9FCA-4FE6-A9DE-B7B233CB6F90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11] (Google Inc.)
Task: {5096AA5E-C0B3-4029-A1A9-6B69B92ED4CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11] (Google Inc.)
Task: {7EDAE6D3-5819-4C86-9FA1-F8BB8C2315B1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {88961517-4805-40EE-84AC-A9A79C923636} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {90F203D8-C9FE-44B7-8204-88DD5DEBE608} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9A21947C-DC84-4CCD-A0CB-9C8DBD283E74} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B7C95EA6-AB84-4499-947D-3DFBB48DA240} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {B8BBF911-D00D-49A8-B443-E593F4DEDC02} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C7F2C0D1-A9CD-4105-A7D6-01EF6CF1B3B2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CD9E506A-F5BC-4F7D-842B-FE23924A056E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {D50019EA-9AE3-4411-9F2B-92B677F48B11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E9DD04EB-9583-402E-ABD4-3AB6FAB9265C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Vedang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Vedang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-22 16:38 - 2016-03-21 19:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-30 14:54 - 2015-01-12 20:38 - 00076152 _____ () C:\windows\system32\PnkBstrA.exe
2016-04-12 18:14 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 18:14 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-23 18:44 - 2016-05-23 18:44 - 00959168 _____ () C:\Users\Vedang\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-04-19 12:47 - 2016-04-19 12:47 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-07-18 00:35 - 2015-12-19 01:08 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-17 18:08 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 19:19 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 19:19 - 2016-04-22 21:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 19:19 - 2016-04-22 20:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 19:19 - 2016-04-22 20:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 19:20 - 2016-04-22 21:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-29 10:14 - 2013-01-25 08:08 - 00089600 _____ () C:\windows\SYSTEM32\CmdRtr64.DLL
2014-09-29 10:14 - 2013-01-25 08:06 - 00328704 _____ () C:\windows\SYSTEM32\APOMgr64.DLL
2013-12-09 12:07 - 2013-12-09 12:07 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2016-01-20 18:07 - 2016-01-20 18:07 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-14 17:49 - 2015-12-14 17:49 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-14 18:49 - 2016-05-01 22:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-17 12:59 - 2016-05-01 22:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-14 18:49 - 2016-05-01 22:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-14 18:49 - 2016-05-01 22:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-06-14 18:49 - 2016-05-01 22:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-14 18:49 - 2016-05-01 22:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-14 18:49 - 2016-05-01 22:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-17 12:59 - 2016-05-01 22:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-14 18:49 - 2016-05-01 22:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-14 18:49 - 2016-05-01 22:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-19 12:47 - 2016-04-19 12:47 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 12:47 - 2016-04-19 12:47 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-23 18:44 - 2016-05-23 18:44 - 00679624 _____ () C:\Users\Vedang\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2011-03-09 11:21 - 2011-03-09 11:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 11:21 - 2011-03-09 11:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-09-03 08:03 - 2014-09-03 08:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-09 10:29 - 2016-05-01 23:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-07 19:08 - 2016-06-03 18:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-07 19:08 - 2016-06-03 18:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2016-06-07 19:08 - 2016-06-03 18:56 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2530249291-437664421-3989359840-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vedang\Pictures\new_york_city_aerial_view-wallpaper-1920x1080.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKU\S-1-5-21-2530249291-437664421-3989359840-1001\...\StartupApproved\StartupFolder: => "gtgBR72G.mkv.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5659E3D2-CA85-441B-A960-7349611B10CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B6415DAB-A2C6-4FE4-AC23-70D8E43AE63A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{159A68FC-1F99-4383-AC13-FACD22E99ADB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6D106E9A-2F9E-4FF7-99EB-585794601886}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D908A8E7-1AF9-4867-955B-FBFE9DD2EF6C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [UDP Query User{2E72AE6E-2668-4881-AEA9-DFDF7D832B83}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{73F04D33-9C0E-4FEA-AD38-39E982A3641E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{68D4BFD4-C02B-4A06-B15A-4352E15D4A32}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A8CDC26A-AAEC-4EA1-95A5-7527ED8F6A22}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B64AF227-64E6-4161-92A2-CFAD19B92514}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BD6696A-201B-4D2C-B326-C95380106E17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{C0B422E0-9B13-4AFA-B79E-22533609AA7C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{B703D59D-04F6-4EC6-A691-5018D767005E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{FBFA2CA1-0402-48ED-B3E5-0A4B441E4BF9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{21D8C075-5E01-4DED-8545-F83A87CD264F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{991A5242-DD95-4B71-BD5E-531A31ACC8A1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7D06D8C0-E083-4658-B619-4E3CFBFAA0B7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9A352ECB-E2CD-4B82-AC1A-CFC706575274}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0B472FCC-86A3-492C-9CBE-2C88331CDE3F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FBD82ADB-BD88-4B7A-87CB-34CB417F9B1C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{17CC09F6-FECB-4076-948D-F2EBD2185A5E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{B474403F-F99F-4D8E-B046-77D0A6E93B75}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{0FCDFE3C-BA07-491D-9A08-12A03C7022FC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{B71AED4C-EF50-462A-AB34-C112A47E49C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9B31B57D-D360-4EBD-9B47-343F85C6C0F8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CFAFC46D-0102-44D6-BF94-17408CA2006B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EDF2500A-2769-4BF1-9BB4-D0040FC0E453}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{054A1C41-C7F1-4E59-B1B5-77799353AD39}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{1F9089CF-5002-49F2-B271-55E483343930}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{D3F850F7-DF8B-4702-A42C-CBFF1AE68BAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13EF03E0-E9DB-4477-A686-0AAA672EB5E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{18905F2F-8F32-499F-B92B-FE6BCB9737D7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{7F9F4D33-C49E-492E-B121-55991325ABFE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{71072265-5C8C-4271-A6B9-8FD642B6C9D6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5D4A1234-E17C-410C-ABAF-41520C6CFAE2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{97D0AE5E-113E-446B-AD22-A7442C7B26C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AB814216-204F-49C5-B8AE-1BA8D4D1BD4A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4045576E-FE0C-4502-9867-3618DB3A9CE7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-05-2016 19:14:41 Scheduled Checkpoint
31-05-2016 21:37:27 Scheduled Checkpoint
11-06-2016 18:15:16 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2016 06:15:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .
Error: (05/31/2016 09:37:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (05/22/2016 07:14:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (05/19/2016 07:44:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/18/2016 01:07:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1c48
Start Time: 01d1b13f30cd594e
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Report Id: 1add6882-1d34-11e6-82e8-80fa5b034ed7
Faulting package full name: Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy
Faulting package-relative application ID: WindowsDefaultLockScreen

Error: (05/14/2016 12:59:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .
Error: (05/12/2016 12:18:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_StateRepository, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a849ab
Exception code: 0xc0000005
Fault offset: 0x0000000000056e29
Faulting process id: 0x9ec
Faulting application start time: 0xsvchost.exe_StateRepository0
Faulting application path: svchost.exe_StateRepository1
Faulting module path: svchost.exe_StateRepository2
Report Id: svchost.exe_StateRepository3
Faulting package full name: svchost.exe_StateRepository4
Faulting package-relative application ID: svchost.exe_StateRepository5

Error: (05/10/2016 10:53:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/10/2016 10:50:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (05/10/2016 10:50:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .
System errors:
=============
Error: (06/14/2016 06:44:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/14/2016 05:26:57 PM) (Source: DCOM) (EventID: 10016) (User: Vedang-MYTH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Vedang-MYTHVedangS-1-5-21-2530249291-437664421-3989359840-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/14/2016 05:26:57 PM) (Source: DCOM) (EventID: 10016) (User: Vedang-MYTH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Vedang-MYTHVedangS-1-5-21-2530249291-437664421-3989359840-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/14/2016 02:12:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/13/2016 02:07:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/13/2016 12:07:39 AM) (Source: DCOM) (EventID: 10016) (User: Vedang-MYTH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Vedang-MYTHVedangS-1-5-21-2530249291-437664421-3989359840-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/13/2016 12:07:39 AM) (Source: DCOM) (EventID: 10016) (User: Vedang-MYTH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Vedang-MYTHVedangS-1-5-21-2530249291-437664421-3989359840-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/12/2016 08:50:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/12/2016 06:16:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/12/2016 06:01:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
Date: 2016-05-30 21:42:29.077
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-17 20:15:47.488 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-15 12:36:04.658 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-13 00:04:47.408 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-12 00:34:17.011 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-12 00:23:05.475 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-11 22:19:18.843 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-11 17:42:47.722 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-05-10 17:32:59.747 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-04-20 18:02:26.868 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz Percentage of memory in use: 30% Total physical RAM: 16300.14 MB Available physical RAM: 11401.25 MB Total Virtual: 16500.14 MB Available Virtual: 10996.93 MB ==================== Drives ================================ Drive c: (OSDisk) (Fixed) (Total:228.07 GB) (Free:165.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 7E9946AB) Partition: GPT. ==================== End of Addition.txt ============================
TwinHeadedEagle Posted June 15, 2016 ID:1045507

Hello and

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
- Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
- Make sure that Addition.txt option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.
HelloJedi Posted June 15, 2016 Author ID:1045527

Thanks! I have them attached.

FRST.txt Addition.txt
TwinHeadedEagle Posted June 15, 2016 ID:1045532

Please uninstall StatMaker

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
- Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Fix with ESET Services Repair

- Please download Services Repair (https://www.sendspace.com/file/0grp2v) by ESET and save it to your desktop.
- Right-click on icon and select Run as Administrator to start the tool.
- If security notifications appear, click Continue or Run.
- Accept the prompt about restoring services.
- Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
- A log will be saved in the CCSupport folder the tool created on your desktop.

Please include that logfile in your next reply.

fixlist.txt
HelloJedi Posted June 15, 2016 Author ID:1045538

I'm running into an issue uninstalling that software from the control panel's Programs and Features screen. I get the error dialogue: Do I need to uninstall that program before I do those fixes?
TwinHeadedEagle Posted June 15, 2016 ID:1045542

No, you can proceed with other steps.
HelloJedi Posted June 15, 2016 Author ID:1045545

Okay. It is now attached.

Fixlog.txt SvcRepair.log
TwinHeadedEagle Posted June 15, 2016 ID:1045626

How is your PC behaving now?
HelloJedi Posted June 15, 2016 Author ID:1045628

It seems to run okay. Did you see anything that seemed out of the ordinary in the logs? I still have that Statmaker program on my programs list. I'm not sure how that is affecting my system, but according to a few articles it looks like I should remove it. Should we try other malware removal tools? I'll be out for the next few hours, but can be back later today.
TwinHeadedEagle Posted June 15, 2016 ID:1045651

Fix with AdwCleaner

- Please download AdwCleaner by Xplode and save the file to your Desktop.
- Right-click on icon and select Run as Administrator to start the tool.
- Accept the Terms of use.
- Wait until the database is updated.
- Click Scan.
- When finished, please click Cleaning.
- Your PC should reboot now.
- After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
HelloJedi Posted June 16, 2016 Author ID:1045687

It looks like it worked! Log file is attached. I checked my programs list and statmaker is no longer there. Unless you see anything strange in the log file, I think that should be it. Thanks!

AdwCleaner[S1].txt AdwCleaner[C1].txt
TwinHeadedEagle Posted June 16, 2016 ID:1045734

Since there are no more problems, we can declare this PC clean.

Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non-infected restore point, concurrently deleting old ones.

Step 1. - Creation of system restore point and tools removal.

- Download DelFix by Xplode and save it to your desktop.
- Run the tool by right-clicking on the icon and choosing the Run as administrator option.
- Make sure that these ones are checked:
  - Remove disinfection tools
  - Purge system restore
  - Reset system settings
- Push Run and wait until the tool completes its work.
- All tools we used should be gone. Tool will create a report for you (C:\DelFix.txt). I don't need it for review.

Tool deletes old system restore points and creates a fresh system restore point after cleaning.

Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.

Security tips - highly recommended reading: Simple and easy ways to keep your computer safe and secure on the Internet
Maintenance tips: Optimize Windows for better performance
Additional software that I personally use and install on all my clients' devices:
- Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search for malware.
- Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
- McShield - to prevent infections spread by removable media.
- Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
- CryptoPrevent - tool for protection against Cryptolocker and similar ransomware infections.
- Adblock - to surf the web without annoying ads!
- Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they're all up-to-date.

My help is free for everybody. If you're happy with the help provided and/or wish to show your appreciation, please consider a donation:

Thank you!

Stay safe,
TwinHeadedEagle
HelloJedi Posted June 16, 2016 Author ID:1045825

Thanks!
AdvancedSetup (Root Admin) Posted August 5, 2016 ID:1054766

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!