Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Rajinikanth (administrator) on SARVESH-DSK (12-11-2015 13:42:11)
Running from C:\Users\Rajinikanth\Desktop
Loaded Profiles: Rajinikanth (Available Profiles: Rajinikanth & Deploy)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
(BitTorrent Inc.) C:\Users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(TP-LINK Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(BitTorrent Inc.) C:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(BitTorrent Inc.) C:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [igfxEM_64] => "C:\PROGRA~3\igfxEM_64.exe"
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-07-25] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [374560 2012-07-25] (CyberLink Corp.)
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [uTorrent] => C:\Users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-13] (BitTorrent Inc.)
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [DAEMON Tools Lite Automount] => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk [2012-07-05]
ShortcutTarget: TP-LINK Wireless Client Utility.lnk -> C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe (TP-LINK Technology, Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0B29B12F-5142-4420-935D-3E17F0E6FDDB}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{492BB5EE-2F43-4084-A03B-2BF7904C8544}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{69C927DF-D948-467A-8720-6ED730F92778}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1873260180-584723267-4080468776-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1873260180-584723267-4080468776-1000 -> {78CC8F23-5F76-4711-9F10-B19F78179064} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll => No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [No File]
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [No File]
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

Chrome:
=======
CHR Profile: C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-12]
CHR Extension: (Google Drive) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12]
CHR Extension: (Gmail) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-25] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-25] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [374112 2011-03-14] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [451936 2011-03-14] (Ralink Technology, Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()
S3 TpMediaServer; C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe [619872 2011-03-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; "C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-12-28] (Broadcom Corporation.)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MPMFL; C:\Windows\System32\DRIVERS\MPMFL.sys [23272 2012-12-17] (Windows (R) Server 2003 DDK provider)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 ZG760_64; C:\Windows\System32\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)
S3 ZG760_64; C:\Windows\SysWOW64\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)
S3 catchme; \??\C:\george2093g\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 13:42 - 2015-11-12 13:42 - 00015123 _____ C:\Users\Rajinikanth\Desktop\FRST.txt
2015-11-12 13:41 - 2015-11-08 17:38 - 02198528 _____ (Farbar) C:\Users\Rajinikanth\Desktop\FRST64.exe
2015-11-12 13:40 - 2015-11-12 13:40 - 00003809 _____ C:\Users\Rajinikanth\Desktop\VEW_ranWithApplicationONLY_11122015_3_avgrem.txt
2015-11-12 13:09 - 2015-11-12 13:09 - 00003809 _____ C:\Users\Rajinikanth\Desktop\VEW_ranWithApplicationONLY_11122015_2.txt
2015-11-12 13:07 - 2015-11-12 13:08 - 00002069 _____ C:\Users\Rajinikanth\Desktop\VEW_ranWithSystemONLY_11122015_2.txt
2015-11-12 11:05 - 2015-11-12 11:05 - 00000091 _____ C:\Users\Rajinikanth\Desktop\speedfan report.txt
2015-11-12 10:57 - 2015-11-12 10:57 - 00000468 _____ C:\Users\Rajinikanth\Desktop\VEW_ranWithApplicationONLY_11122015.txt
2015-11-12 10:55 - 2015-11-12 10:56 - 00000453 _____ C:\Users\Rajinikanth\Desktop\VEW_ranWithSystemONLY_11122015.txt
2015-11-12 00:19 - 2015-11-12 00:19 - 00000000 ____D C:\Windows\CheckSur
2015-11-11 23:59 - 2015-11-11 23:42 - 564744309 _____ C:\Users\Rajinikanth\Desktop\Windows6.1-KB947821-v34-x64.msu
2015-11-11 20:59 - 2015-11-12 11:02 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-11-11 20:59 - 2015-11-11 20:59 - 00001046 _____ C:\Users\Rajinikanth\Desktop\SpeedFan.lnk
2015-11-11 20:59 - 2015-11-11 20:59 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2015-11-11 20:59 - 2015-11-11 20:59 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-11-11 20:58 - 2015-11-11 20:31 - 02218504 _____ C:\Users\Rajinikanth\Desktop\instspeedfan451.exe
2015-11-11 20:28 - 2015-11-11 20:28 - 00007757 _____ C:\Users\Rajinikanth\Desktop\VEW_ranWithApplicationONLY.txt
2015-11-11 20:27 - 2015-11-11 20:27 - 00005558 _____ C:\Users\Rajinikanth\Desktop\VEW_ranWithSystemONLY.txt
2015-11-11 20:25 - 2015-11-12 13:39 - 00003809 _____ C:\VEW.txt
2015-11-11 20:24 - 2015-11-11 20:24 - 00061440 _____ ( ) C:\Users\Rajinikanth\Desktop\VEW.exe
2015-11-11 08:15 - 2015-11-11 08:15 - 00270920 _____ C:\Windows\Minidump\111115-17596-01.dmp
2015-11-11 01:02 - 2015-11-11 01:02 - 00018973 _____ C:\ComboFix.txt
2015-11-11 00:42 - 2015-11-11 00:42 - 00000000 ____D C:\ProgramData\RealNetworks
2015-11-11 00:41 - 2015-11-12 13:01 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-11 00:30 - 2015-11-11 08:15 - 374735438 _____ C:\Windows\MEMORY.DMP
2015-11-11 00:30 - 2015-11-11 00:30 - 00313944 _____ C:\Windows\Minidump\111115-18657-01.dmp
2015-11-10 23:01 - 2015-11-11 01:02 - 00000000 ____D C:\Qoobox
2015-11-10 23:01 - 2015-11-10 23:15 - 00000000 ____D C:\george
2015-11-10 23:01 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-10 23:01 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-10 23:01 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-10 23:01 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-10 23:01 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-10 23:01 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-10 23:01 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-10 23:01 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-10 23:00 - 2015-11-10 23:30 - 00000000 ____D C:\Windows\erdnt
2015-11-10 22:58 - 2015-11-10 22:30 - 05638248 ____R (Swearware) C:\Users\Rajinikanth\Desktop\george.exe
2015-11-10 22:07 - 2015-11-10 21:35 - 01090912 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Rajinikanth\Desktop\avg_remover_stf_x86_2011_1184.exe
2015-11-10 21:42 - 2015-11-10 21:34 - 05200384 _____ (AVAST Software) C:\Users\Rajinikanth\Desktop\aswmbr.exe
2015-11-10 21:32 - 2015-11-10 22:39 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000
2015-11-09 19:03 - 2015-11-10 18:10 - 00000000 ____D C:\Windows\system32\MpEngineStore
2015-11-09 07:49 - 2015-11-10 22:39 - 00003258 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873260180-584723267-4080468776-1000
2015-11-08 23:24 - 2015-11-08 23:24 - 00000036 _____ C:\Users\Rajinikanth\AppData\Local\housecall.guid.cache
2015-11-08 23:14 - 2015-11-08 23:14 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\QuickScan
2015-11-08 17:51 - 2015-11-12 13:42 - 00000000 ____D C:\FRST
2015-11-08 17:36 - 2015-11-08 17:44 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\tor
2015-11-08 16:42 - 2015-11-08 16:42 - 00007626 _____ C:\Users\Rajinikanth\AppData\Local\Resmon.ResmonCfg
2015-11-08 14:37 - 2015-11-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-08 14:37 - 2015-11-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-08 14:37 - 2015-11-08 15:24 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Mozilla
2015-11-08 14:37 - 2015-11-08 14:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Mozilla
2015-11-08 02:23 - 2015-11-12 13:03 - 00000000 ____D C:\Users\Rajinikanth\AppData\LocalLow\uTorrent
2015-10-23 20:26 - 2015-11-12 10:23 - 03474516 _____ C:\Windows\system32\CFG2228303646
2015-10-23 20:14 - 2015-10-23 20:14 - 00329496 _____ C:\Windows\Minidump\102315-55536-01.dmp
2015-10-23 20:11 - 2015-10-23 20:12 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-10-13 20:32 - 2015-10-13 20:32 - 00020679 _____ C:\Users\Rajinikanth\Downloads\32415815A0B4621400688F0BF2966D7FD3435D93.torrent
2015-10-13 20:31 - 2015-10-13 20:31 - 00019703 _____ C:\Users\Rajinikanth\Downloads\D6525C8CB07CBC6CE001A97541DAD408D4F1FFF0.torrent
2015-10-13 20:30 - 2015-10-13 20:30 - 00019715 _____ C:\Users\Rajinikanth\Downloads\81BA198ED92739B4BCEE99C90FF5EFA0B71069D4.torrent
2015-10-13 20:28 - 2015-10-13 20:28 - 00017607 _____ C:\Users\Rajinikanth\Downloads\D5A14DD9675E85750E60051FC86F0AB402E9443F.torrent
2015-10-13 20:24 - 2015-10-13 20:24 - 00013303 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Unnale Unnale 2006 Tamil 720p DVDRip x264 1.2GB ESubs.torrent
2015-10-13 20:23 - 2015-10-13 20:23 - 00012075 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - VSOP (2015)1080p v2 HD - AVC - MP4 - 5.1 - 4.4GB - Tamil.mp4.torrent
2015-10-13 20:21 - 2015-10-13 20:21 - 00016196 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Baahubali (2015)1080p DVDRip - Tamil AAC 5.1 (Original) - 3GB ESubs.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 13:42 - 2012-09-08 20:28 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\uTorrent
2015-11-12 13:11 - 2009-07-13 22:45 - 00026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-12 13:11 - 2009-07-13 22:45 - 00026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-12 13:10 - 2012-02-01 01:41 - 01428138 _____ C:\Windows\WindowsUpdate.log
2015-11-12 13:02 - 2009-07-13 22:51 - 00113848 _____ C:\Windows\setupact.log
2015-11-12 13:01 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 11:04 - 2015-07-18 22:43 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-12 11:04 - 2015-06-20 00:12 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\CrashDumps
2015-11-12 10:50 - 2009-07-13 23:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-12 10:30 - 2012-02-10 22:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Google
2015-11-12 01:33 - 2012-02-10 22:09 - 00000000 ____D C:\Users\Rajinikanth\Desktop\Default
2015-11-11 08:15 - 2012-02-16 00:10 - 00000000 ____D C:\Windows\Minidump
2015-11-11 01:41 - 2010-11-20 21:47 - 00030802 _____ C:\Windows\PFRO.log
2015-11-11 01:00 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2015-11-11 00:34 - 2012-08-24 15:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\vlc
2015-11-09 11:08 - 2014-07-23 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrok
2015-11-09 11:08 - 2014-07-23 17:07 - 00000000 ____D C:\Program Files (x86)\Acrok
2015-11-09 11:08 - 2012-08-01 12:42 - 00000000 ____D C:\Users\Deploy
2015-11-09 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-09 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-11-09 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-09 07:44 - 2012-02-01 01:40 - 00000000 ____D C:\Users\Rajinikanth
2015-11-08 19:23 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-08 14:32 - 2012-02-10 22:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Deployment
2015-10-23 20:10 - 2012-02-10 23:53 - 00000000 ____D C:\ProgramData\MFAData
2015-10-21 14:37 - 2015-06-23 08:54 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2012-08-01 23:29 - 2012-09-29 14:45 - 0015872 _____ () C:\Users\Rajinikanth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-08 23:24 - 2015-11-08 23:24 - 0000036 _____ () C:\Users\Rajinikanth\AppData\Local\housecall.guid.cache
2015-11-08 16:42 - 2015-11-08 16:42 - 0007626 _____ () C:\Users\Rajinikanth\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-11 15:05

==================== End of FRST.txt ============================