Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus and malware- (Virtumonde) [Solved]

Started by tennizen , Oct 27 2013 08:26 AM

This topic is locked

#1
tennizen

Posted 27 October 2013 - 08:26 AM

Member

Member
68 posts

Here is the OTL log. Thanks in advance..

OTL logfile created on: 10/27/2013 9:57:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hema\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 45.52% Memory free
7.60 Gb Paging File | 5.46 Gb Available in Paging File | 71.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 16.20 Gb Free Space | 16.20% Space Free | Partition Type: NTFS
Drive D: | 350.66 Gb Total Space | 330.15 Gb Free Space | 94.15% Space Free | Partition Type: NTFS

Computer Name: VEDA | User Name: Hema | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/27 09:56:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hema\Downloads\OTL.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/08 20:12:54 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/09/30 21:36:01 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/25 17:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/17 17:18:55 | 000,422,632 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/01/12 04:02:40 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/12/14 03:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/11/11 00:21:36 | 000,717,312 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/06 21:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/30 08:01:32 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:01:30 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009/01/08 09:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/27 07:59:53 | 000,128,512 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\_elementtree.pyd
MOD - [2013/10/27 07:59:53 | 000,044,032 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\_socket.pyd
MOD - [2013/10/27 07:59:52 | 000,805,888 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\wx._gdi_.pyd
MOD - [2013/10/27 07:59:52 | 000,557,056 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\pysqlite2._sqlite.pyd
MOD - [2013/10/27 07:59:52 | 000,504,832 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\windows._cacheinvalidation.pyd
MOD - [2013/10/27 07:59:52 | 000,320,512 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32com.shell.shell.pyd
MOD - [2013/10/27 07:59:52 | 000,098,816 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32api.pyd
MOD - [2013/10/27 07:59:52 | 000,070,656 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\wx._html2.pyd
MOD - [2013/10/27 07:59:52 | 000,026,624 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\_multiprocessing.pyd
MOD - [2013/10/27 07:59:52 | 000,022,528 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32ts.pyd
MOD - [2013/10/27 07:59:52 | 000,017,408 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32profile.pyd
MOD - [2013/10/27 07:59:52 | 000,011,264 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32crypt.pyd
MOD - [2013/10/27 07:59:51 | 001,175,040 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\wx._core_.pyd
MOD - [2013/10/27 07:59:51 | 001,153,024 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\_ssl.pyd
MOD - [2013/10/27 07:59:51 | 000,735,232 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\wx._misc_.pyd
MOD - [2013/10/27 07:59:51 | 000,711,680 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\_hashlib.pyd
MOD - [2013/10/27 07:59:51 | 000,364,544 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\pythoncom27.dll
MOD - [2013/10/27 07:59:51 | 000,110,080 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\PyWinTypes27.dll
MOD - [2013/10/27 07:59:51 | 000,108,544 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32security.pyd
MOD - [2013/10/27 07:59:51 | 000,087,040 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\_ctypes.pyd
MOD - [2013/10/27 07:59:51 | 000,035,840 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32process.pyd
MOD - [2013/10/27 07:59:51 | 000,025,600 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32pdh.pyd
MOD - [2013/10/27 07:59:50 | 000,811,008 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\wx._windows_.pyd
MOD - [2013/10/27 07:59:50 | 000,122,368 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\wx._wizard.pyd
MOD - [2013/10/27 07:59:50 | 000,119,808 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32file.pyd
MOD - [2013/10/27 07:59:50 | 000,038,912 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32inet.pyd
MOD - [2013/10/27 07:59:49 | 001,062,400 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\wx._controls_.pyd
MOD - [2013/10/27 07:59:49 | 000,686,080 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\unicodedata.pyd
MOD - [2013/10/27 07:59:49 | 000,127,488 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\pyexpat.pyd
MOD - [2013/10/27 07:59:49 | 000,018,432 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\win32event.pyd
MOD - [2013/10/27 07:59:48 | 000,010,240 | ---- | M] () -- C:\Users\Hema\AppData\Local\Temp\_MEI34165\select.pyd
MOD - [2013/10/08 20:12:49 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/09/30 21:35:32 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/09 21:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/03/12 21:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/08 20:12:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/30 21:36:00 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 08:01:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 08:01:30 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/04 19:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 09:15:14 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/20 02:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 16:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/26 16:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 23:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 05:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2009/11/19 23:49:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/22 19:44:12] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: collector%40broceliand.fr:6.0.15
FF - prefs.js..extensions.enabledAddons: %7B5F590AA2-1221-4113-A6F4-A4BB62414FAC%7D:0.45.8.20130519.3
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.22
FF - prefs.js..extensions.enabledAddons: firefox%40luckyleap.net:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Hema\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Hema\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Hema\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hema\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hema\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/10 18:01:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\

[2010/05/20 13:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hema\AppData\Roaming\Mozilla\Extensions
[2010/05/11 15:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hema\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/10/20 19:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions
[2013/08/07 22:10:25 | 000,000,000 | ---D | M] (saVVennsharie) -- C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]
[2013/04/23 12:48:55 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]
[2013/08/29 23:34:12 | 000,007,293 | ---- | M] () (No name found) -- C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]
[2013/09/15 13:23:23 | 000,723,773 | ---- | M] () (No name found) -- C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]
[2013/05/24 22:53:35 | 000,043,024 | ---- | M] () (No name found) -- C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
[2013/10/20 19:34:25 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/23 12:45:10 | 000,007,027 | ---- | M] () (No name found) -- C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]\chrome\skin\images\info\premiumExpired.png
[2013/04/23 12:45:10 | 000,000,269 | ---- | M] () (No name found) -- C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]\chrome\skin\images\new\padlockExpired.png
[2013/09/30 21:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/14 07:19:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/30 21:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/14 07:19:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/30 21:36:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - Extension: No name found = C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\
CHR - Extension: No name found = C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10\
CHR - Extension: No name found = C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: No name found = C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/23 15:52:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2C67103-D508-4846-957A-CE728674DAB5}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/22 08:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/22 08:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/13 18:37:34 | 000,000,000 | ---D | C] -- C:\Users\Hema\Desktop\MO
[2013/10/13 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\Hema\Desktop\DOE
[2013/10/12 00:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/09/30 21:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

File not found -- C:\windows\SysNative\
[2013/10/27 09:34:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001UA.job
[2013/10/27 09:16:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/27 09:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/10/27 07:59:47 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/27 07:59:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/27 07:15:20 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 07:15:20 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 07:07:50 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/26 18:34:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001Core.job
[2013/10/19 21:15:55 | 000,783,354 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/19 21:15:55 | 000,663,472 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/19 21:15:55 | 000,122,308 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/19 15:57:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/12 08:29:56 | 000,429,520 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/10/11 00:12:01 | 000,777,570 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/10/10 23:51:29 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif

========== Files Created - No Company Name ==========

File not found -- C:\windows\SysNative\
[2013/10/19 15:57:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/19 22:05:33 | 000,000,218 | ---- | C] () -- C:\Users\Hema\AppData\Local\recently-used.xbel
[2012/06/01 10:14:30 | 000,000,000 | ---- | C] () -- C:\Users\Hema\AppData\Roaming\wklnhst.dat
[2011/09/01 12:57:54 | 000,003,584 | ---- | C] () -- C:\Users\Hema\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/19 10:23:47 | 000,000,000 | ---- | C] () -- C:\Users\Hema\co2-sample.html

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/08 19:30:39 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Advanced Chemistry Development
[2010/09/22 23:31:45 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Audacity
[2012/03/20 13:02:04 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Azureus
[2011/05/06 20:53:48 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\calibre
[2013/04/19 22:05:33 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\deluge
[2010/12/08 11:37:58 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Dextronet
[2012/04/28 08:09:04 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\EssentialPIM
[2010/07/13 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\foobar2000
[2013/01/11 03:33:16 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Free Download Manager
[2010/05/28 16:01:58 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\GARMIN
[2012/03/08 12:06:54 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\gtk-2.0
[2010/05/21 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\JGsoft
[2012/03/08 12:13:58 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\keepnote
[2011/12/22 21:27:50 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Mobipocket
[2012/05/03 11:45:48 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\NCH Swift Sound
[2010/07/13 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Notepad++
[2013/03/10 09:22:52 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Octoshape
[2011/01/06 23:17:00 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Open Watcom
[2010/11/09 12:02:49 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Opera
[2013/09/15 19:58:24 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\PandoraRecovery
[2011/01/10 13:54:22 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\RayV
[2011/03/18 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Runiter
[2012/06/01 10:14:32 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Template
[2010/05/11 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\Thunderbird
[2011/04/08 15:50:23 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\UDC Profiles
[2013/04/26 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Hema\AppData\Roaming\WinPatrol

========== Purity Check ==========

< End of report >

#2
emeraldnzl

Posted 28 October 2013 - 01:46 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello tennizen,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator. When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called (FRST.txt) in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

#3
tennizen

Posted 28 October 2013 - 06:22 PM

Member

Topic Starter
Member
68 posts

Hi emeraldnzl

Thanks for the quick reply. Here are the logs you asked for.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Hema (administrator) on VEDA on 28-10-2013 20:15:59
Running from C:\Users\Hema\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Octoshape ApS) C:\Users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\windows\splwow64.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKCU\...\Run: [Octoshape Streaming Services] - C:\Users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKLM-x32\...\Run: [Everything] - C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [422632 2013-04-17] (BillP Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: https://www.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Hema\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Hema\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Hema\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hema\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hema\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: saVVennsharie - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\[email protected]
FF Extension: pearltrees - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\[email protected]
FF Extension: firefox - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\[email protected]
FF Extension: stefanvandamme - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\[email protected]
FF Extension: No Name - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
FF Extension: Adblock Plus - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Social Privacy\FF\

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (lucky leap) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0
CHR Extension: (saVVennsharie ) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10
CHR Extension: (Skype Click to Call) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-11-19] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

Error(0) reading file: "C:\windows\system32\ "
2013-10-28 20:15 - 2013-10-28 20:15 - 01956538 _____ (Farbar) C:\Users\Hema\Downloads\FRST64.exe
2013-10-28 20:15 - 2013-10-28 20:15 - 00000000 ____D C:\FRST
2013-10-28 09:35 - 2013-10-28 09:57 - 00000000 ____D C:\Users\Hema\Desktop\Gautam Yoda
2013-10-28 09:34 - 2013-10-28 09:34 - 00000165 ____H C:\Users\Hema\Desktop\~$List.xlsx
2013-10-27 22:23 - 2013-10-27 23:18 - 00008500 _____ C:\Users\Hema\Desktop\Diene.xlsx
2013-10-27 10:16 - 2013-10-27 10:16 - 00083560 _____ C:\Users\Hema\Downloads\Extras.Txt
2013-10-27 10:12 - 2013-10-27 10:12 - 00079430 _____ C:\Users\Hema\Downloads\OTL.Txt
2013-10-27 09:56 - 2013-10-27 09:56 - 00602112 _____ (OldTimer Tools) C:\Users\Hema\Downloads\OTL.exe
2013-10-26 15:27 - 2013-10-26 15:33 - 00000095 _____ C:\Users\Hema\Desktop\Movies.txt
2013-10-25 20:42 - 2013-10-25 20:42 - 00011296 _____ C:\Users\Hema\Desktop\EG- PG Catalysts.xlsx
2013-10-25 20:40 - 2013-10-27 20:51 - 00010814 _____ C:\Users\Hema\Desktop\List.xlsx
2013-10-24 19:15 - 2013-10-24 21:12 - 00010835 _____ C:\Users\Hema\Desktop\Tol vp.xlsx
2013-10-23 19:20 - 2013-10-25 19:40 - 00000132 _____ C:\Users\Hema\Desktop\Walmart.txt
2013-10-22 08:54 - 2013-10-22 08:54 - 00000000 ____D C:\ProgramData\Oracle
2013-10-22 08:54 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-22 08:54 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-22 08:54 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-22 08:54 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-22 08:53 - 2013-10-22 08:54 - 00004746 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 15:57 - 2013-10-19 15:57 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-19 15:56 - 2013-10-19 15:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hema\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-15 18:38 - 2013-10-15 18:38 - 00081972 _____ C:\Users\Hema\Desktop\Biomass Slide.pptx
2013-10-13 18:37 - 2013-10-13 18:37 - 00000000 ____D C:\Users\Hema\Desktop\MO
2013-10-13 18:34 - 2013-10-13 18:37 - 00000000 ____D C:\Users\Hema\Desktop\DOE
2013-10-12 00:09 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-12 00:09 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-12 00:09 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-12 00:09 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-12 00:09 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-12 00:09 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-12 00:09 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-12 00:09 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-12 00:09 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-12 00:09 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-12 00:08 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-12 00:08 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-12 00:08 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-12 00:08 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-10 13:32 - 2013-10-10 13:32 - 00009161 _____ C:\Users\Hema\Desktop\Srikanth.xlsx
2013-10-09 13:06 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-09 13:06 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-09 13:06 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-09 13:06 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-09 13:06 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-09 13:06 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-09 13:06 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-09 13:06 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-09 13:06 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-09 13:06 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-09 13:06 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-09 13:06 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-09 13:06 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-09 13:06 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-09 13:06 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-09 13:06 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-09 13:06 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-09 13:06 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-09 13:06 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-09 13:06 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-09 13:06 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-09 13:06 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-09 13:06 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-09 13:06 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:06 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:06 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-09 13:06 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-09 13:06 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-09 13:06 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-09 13:06 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-09 13:06 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-09 13:06 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-09 13:06 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-09 13:06 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-09 13:06 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-09 13:06 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-09 13:06 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-09 13:06 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-09 13:06 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-09 13:06 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-09 13:06 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-09 13:06 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-09 13:06 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-09 13:06 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-09 13:06 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-09 13:06 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-09 13:06 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-09-30 21:35 - 2013-09-30 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-28 20:16 - 2013-04-24 09:28 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-28 20:15 - 2013-10-28 20:15 - 01956538 _____ (Farbar) C:\Users\Hema\Downloads\FRST64.exe
2013-10-28 20:15 - 2013-10-28 20:15 - 00000000 ____D C:\FRST
2013-10-28 20:08 - 2012-07-01 08:28 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 20:02 - 2010-01-22 06:36 - 01188136 _____ C:\windows\WindowsUpdate.log
2013-10-28 19:36 - 2012-12-07 14:27 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001UA.job
2013-10-28 18:34 - 2012-12-07 14:27 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001Core.job
2013-10-28 13:16 - 2013-04-24 09:28 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-28 09:57 - 2013-10-28 09:35 - 00000000 ____D C:\Users\Hema\Desktop\Gautam Yoda
2013-10-28 09:42 - 2010-05-10 12:37 - 00000000 ____D C:\Users\Hema\AppData\Roaming\vlc
2013-10-28 09:34 - 2013-10-28 09:34 - 00000165 ____H C:\Users\Hema\Desktop\~$List.xlsx
2013-10-28 09:32 - 2009-07-14 00:45 - 00014144 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 09:32 - 2009-07-14 00:45 - 00014144 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-28 09:26 - 2013-04-24 09:29 - 00000000 ___RD C:\Users\Hema\Google Drive
2013-10-28 09:25 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-28 09:25 - 2009-07-14 00:51 - 00147438 _____ C:\windows\setupact.log
2013-10-27 23:18 - 2013-10-27 22:23 - 00008500 _____ C:\Users\Hema\Desktop\Diene.xlsx
2013-10-27 20:51 - 2013-10-25 20:40 - 00010814 _____ C:\Users\Hema\Desktop\List.xlsx
2013-10-27 10:16 - 2013-10-27 10:16 - 00083560 _____ C:\Users\Hema\Downloads\Extras.Txt
2013-10-27 10:12 - 2013-10-27 10:12 - 00079430 _____ C:\Users\Hema\Downloads\OTL.Txt
2013-10-27 09:56 - 2013-10-27 09:56 - 00602112 _____ (OldTimer Tools) C:\Users\Hema\Downloads\OTL.exe
2013-10-27 08:00 - 2011-03-19 09:43 - 00000000 ____D C:\Program Files (x86)\Everything
2013-10-26 15:33 - 2013-10-26 15:27 - 00000095 _____ C:\Users\Hema\Desktop\Movies.txt
2013-10-25 20:42 - 2013-10-25 20:42 - 00011296 _____ C:\Users\Hema\Desktop\EG- PG Catalysts.xlsx
2013-10-25 20:42 - 2013-09-25 22:09 - 00000965 _____ C:\Users\Hema\Desktop\List.txt
2013-10-25 19:40 - 2013-10-23 19:20 - 00000132 _____ C:\Users\Hema\Desktop\Walmart.txt
2013-10-24 21:12 - 2013-10-24 19:15 - 00010835 _____ C:\Users\Hema\Desktop\Tol vp.xlsx
2013-10-23 07:26 - 2010-01-22 07:17 - 00713434 _____ C:\windows\PFRO.log
2013-10-22 08:54 - 2013-10-22 08:54 - 00000000 ____D C:\ProgramData\Oracle
2013-10-22 08:54 - 2013-10-22 08:53 - 00004746 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-22 08:54 - 2010-05-10 14:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-21 11:23 - 2013-09-15 20:00 - 00000000 ____D C:\Users\Hema\Desktop\Relevant 2013-14
2013-10-21 01:50 - 2013-08-07 22:08 - 00000000 ____D C:\ProgramData\saVVennsharie
2013-10-19 21:15 - 2009-07-14 01:13 - 00783354 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-19 15:57 - 2013-10-19 15:57 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-19 15:57 - 2013-04-20 18:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-19 15:56 - 2013-10-19 15:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hema\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-15 18:38 - 2013-10-15 18:38 - 00081972 _____ C:\Users\Hema\Desktop\Biomass Slide.pptx
2013-10-14 07:19 - 2012-12-06 09:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-13 18:37 - 2013-10-13 18:37 - 00000000 ____D C:\Users\Hema\Desktop\MO
2013-10-13 18:37 - 2013-10-13 18:34 - 00000000 ____D C:\Users\Hema\Desktop\DOE
2013-10-13 11:39 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2013-10-13 01:49 - 2013-03-15 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 01:49 - 2013-03-15 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-12 08:29 - 2009-07-14 00:45 - 00429520 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-12 00:14 - 2010-01-22 07:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 00:12 - 2010-10-13 13:01 - 00777570 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-10-11 00:04 - 2013-07-13 00:00 - 00000000 ____D C:\windows\system32\MRT
2013-10-10 23:59 - 2010-05-13 09:35 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-10 23:51 - 2012-07-16 16:53 - 00001945 _____ C:\windows\epplauncher.mif
2013-10-10 23:51 - 2012-07-16 16:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-10 23:51 - 2012-07-16 16:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-10 14:52 - 2010-05-21 13:58 - 00000000 ____D C:\Users\Hema\AppData\Local\CutePDF Writer
2013-10-10 13:32 - 2013-10-10 13:32 - 00009161 _____ C:\Users\Hema\Desktop\Srikanth.xlsx
2013-10-08 20:12 - 2012-07-01 08:28 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 20:12 - 2012-03-31 10:37 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 20:12 - 2011-05-19 07:26 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 18:29 - 2012-12-07 14:27 - 00003872 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001UA
2013-10-08 18:29 - 2012-12-07 14:27 - 00003476 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001Core
2013-10-08 13:11 - 2013-04-24 09:28 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-08 13:11 - 2013-04-24 09:28 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-08 07:51 - 2012-07-03 08:59 - 00873384 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
2013-10-08 07:51 - 2010-05-10 20:36 - 00796072 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-10-08 07:50 - 2013-10-22 08:54 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-22 08:54 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-08 07:46 - 2013-10-22 08:54 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-22 08:54 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-03 10:12 - 2013-04-20 20:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 07:31 - 2010-05-20 13:38 - 00000000 ____D C:\Users\Hema\AppData\Local\Mozilla
2013-09-30 21:36 - 2013-09-30 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-28 07:57 - 2009-07-13 23:20 - 00000000 ____D C:\windows\LiveKernelReports

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-21 11:48

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by Hema at 2013-10-28 20:18:32
Running from C:\Users\Hema\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.15 (x64 edition) (Version: 9.15.00.0)
ActiveState Komodo Edit 7.0.2 (x32 Version: 7.0.2)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634)
Atheros Client Installation Program (x32 Version: 1.0.1.0805)
BatteryLifeExtender (x32 Version: 1.0.1)
Best Buy Software Installer (Version: 2.1.0.30)
Best Buy Software Installer (x32 Version: 2.1.0.30)
calibre (x32 Version: 0.8.49)
CCleaner (Version: 4.00)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CutePDF Writer 2.8
CyberLink Blu-ray Disc Suite (x32 Version: 6.0.3226)
CyberLink LabelPrint (x32 Version: 2.5.2511)
CyberLink Power2Go (x32 Version: 6.0.3604b)
CyberLink PowerDirector (x32 Version: 7.0.3227)
CyberLink PowerDVD 8 (x32 Version: 8.0.3228e)
CyberLink PowerProducer (x32 Version: 5.0.2.2429)
CyberLink YouCam (x32 Version: 2.0.3304)
D3DX10 (x32 Version: 15.4.2368.0902)
Dia (remove only) (x32)
Digital Guitar Tuner 2.3 (x32)
Ditto (x32)
doxygen 1.7.2 (x32 Version: 1.7.2)
Easy Display Manager (x32 Version: 3.0)
Easy Network Manager (x32 Version: 4.2.8)
Easy SpeedUp Manager (x32 Version: 3.0.0.6)
EasyBatteryManager (x32 Version: 4.0.0.3)
Everything 1.2.1.371 (x32)
Free Audio CD Burner version 1.4 (x32)
Free YouTube to MP3 Converter version 3.8 (x32)
FreeMind (x32 Version: 0.9.0)
GnuWin32: Zip-3.0 (x32 Version: 3.0)
Google Chrome (x32 Version: 30.0.1599.101)
Google Drive (x32 Version: 1.12.5329.1887)
Google Talk Plugin (x32 Version: 4.8.2.15856)
Google Update Helper (x32 Version: 1.3.21.165)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.00.0000)
Intel® Rapid Storage Technology (x32 Version: 9.5.4.1001)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Just Great Software EditPad Lite 6.6.3 (x32 Version: 6.6.3)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Works (x32 Version: 9.7.0621)
Mobipocket Reader 6.2 (x32 Version: 6.2.608)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Notepad++ (x32 Version: 5.7)
NVIDIA 3D Vision Video Player (x32 Version: 1.6.4)
Octoshape Streaming Services (HKCU)
PandoraRecovery (Remove Only) (x32)
Picasa 3 (x32 Version: 3.8)
PitchPerfect Musical Instrument Tuner (x32)
Prism Video File Converter (x32)
Python 3.2 (x32 Version: 3.2.150)
R for Windows 2.15.2 (Version: 2.15.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6003)
Recuva (Version: 1.44)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.41)
Samsung R-Series (x32 Version: 1.0)
Samsung Support Center (x32 Version: 1.0.8)
Samsung Update Plus (x32 Version: 2.0)
saVVennsharie (x32 Version: 4.0.0.1253)
Simple Adblock (x32 Version: 1.1.5)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.6 (x32 Version: 6.6.106)
Spybot - Search & Destroy (x32 Version: 1.6.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.10.0)
Uninstall 1.0.0.1 (x32)
Universal Document Converter (Demo) (x32 Version: 5.2)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
User Guide (x32 Version: 1.0)
VideoPad Video Editor (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
WavePad Sound Editor (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinPatrol (Version: 28.0.2013.0)
Yahoo! Messenger (x32)

==================== Restore Points =========================

28-10-2013 16:45:18 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-04-23 15:52 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {041A3982-0075-40A0-9655-533BEE8286A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {0C63720C-4CD3-4AE8-9F73-EA73F246A36D} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-01-12] (Samsung Electronics Co., Ltd.)
Task: {37891CFC-7BE3-4480-B2B1-869E15F1A9D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: {4AB0B805-DD07-4202-9023-2D8941463D29} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {5A8E98F2-741A-4AE3-BAE1-0C2DE461038F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {629498B8-FA50-4D72-8A6A-0BB2EA9F07CA} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-10-06] (SEC)
Task: {69D718BA-2C3C-4E73-841E-81D6F79F2B38} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics)
Task: {C7868AB7-D4DB-4A9A-AAA5-D328C0367087} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24] (Google Inc.)
Task: {E1BB3352-DE5B-4A21-B0ED-6199959E1050} - System32\Tasks\ChkWiz4VistaWin7 => C:\Sysprep\ChkWiz4VistaWin7.exe
Task: {EA326F13-1745-4EB8-988D-D82CCEDFBD20} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001Core => C:\Users\Hema\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)
Task: {F1F0AB84-8385-47A6-A4A1-91817D338B34} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [2009-11-11] (Samsung Electronics Co., Ltd.)
Task: {F2873812-F011-4CEF-A905-BF4EDB9CA309} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-18] (Samsung Electronics. Co. Ltd.)
Task: {F33BEFBB-9C9F-4DEF-A77C-F12585843A91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001UA => C:\Users\Hema\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.)
Task: {F4AC5F7A-7B54-447E-A725-C6C17E859D48} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001Core.job => C:\Users\Hema\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001UA.job => C:\Users\Hema\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-22 06:47 - 2006-08-11 23:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2010-05-09 21:15 - 2012-02-22 20:49 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-10-28 09:26 - 2013-10-28 09:26 - 00098816 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32api.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00110080 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\pywintypes27.dll
2013-10-28 09:26 - 2013-10-28 09:26 - 00364544 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\pythoncom27.dll
2013-10-28 09:26 - 2013-10-28 09:26 - 00044032 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\_socket.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 01153024 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\_ssl.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00320512 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32com.shell.shell.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00711680 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\_hashlib.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 01175040 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\wx._core_.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00805888 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\wx._gdi_.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00811008 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\wx._windows_.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 01062400 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\wx._controls_.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00735232 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\wx._misc_.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00128512 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\_elementtree.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00127488 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\pyexpat.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00557056 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\pysqlite2._sqlite.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00087040 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\_ctypes.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00119808 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32file.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00108544 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32security.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00018432 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32event.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00038912 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32inet.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00122368 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\wx._wizard.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00686080 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\unicodedata.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00026624 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\_multiprocessing.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00070656 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\wx._html2.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00010240 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\select.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00025600 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32pdh.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00504832 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\windows._cacheinvalidation.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00011264 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32crypt.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00035840 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32process.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00017408 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32profile.pyd
2013-10-28 09:26 - 2013-10-28 09:26 - 00022528 _____ () C:\Users\Hema\AppData\Local\Temp\_MEI31442\win32ts.pyd
2013-04-26 16:37 - 2012-12-09 21:46 - 00600868 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2013-09-30 21:35 - 2013-09-30 21:35 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-10-08 20:12 - 2013-10-08 20:12 - 16233864 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2012-12-18 15:08 - 2012-12-18 15:08 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2013 01:11:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (10/26/2013 03:37:55 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16720 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17c0

Start Time: 01ced282d6e96aa5

Termination Time: 20

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/26/2013 00:26:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/26/2013 00:26:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (10/26/2013 11:51:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/26/2013 11:48:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (10/25/2013 08:37:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/25/2013 08:35:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (10/23/2013 10:02:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/23/2013 09:59:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (10/27/2013 09:59:50 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/20/2013 08:11:08 PM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/13/2013 02:09:22 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/13/2013 02:09:20 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/13/2013 01:48:41 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (10/12/2013 00:08:27 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (10/11/2013 10:18:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (10/10/2013 11:49:27 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (10/07/2013 07:08:08 AM) (Source: Service Control Manager) (User: )
Description: The Util lucky leap service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/02/2013 08:05:32 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Microsoft Office Sessions:
=========================
Error: (12/03/2012 04:02:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/22/2012 11:43:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/17/2012 05:54:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/08/2012 00:30:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/18/2012 06:40:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/12/2012 08:11:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/20/2012 07:47:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/10/2012 04:33:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/07/2012 02:39:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/18/2012 03:35:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2013-04-21 02:35:15.232
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-21 02:35:14.936
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3892.55 MB
Available physical RAM: 1857.93 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 5432.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:16.7 GB) NTFS
Drive d: () (Fixed) (Total:350.66 GB) (Free:329.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A6A46671)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=351 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
emeraldnzl

Posted 28 October 2013 - 07:33 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello tennizen,

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download Junkware Removal Tool to your desktop.

Shut down your protection software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Finally in this post

Please run another scan with FRST and post back the scan results - FRST.txt

So when you return please post
fixlist.txt
JRT.txt
FRST.txt

#5
tennizen

Posted 29 October 2013 - 01:05 PM

Member

Topic Starter
Member
68 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by Hema at 2013-10-29 14:46:14 Run:1
Running from C:\Users\Hema\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Hema on Tue 10/29/2013 at 14:48:53.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Hema\appdata\local\{1585E68C-CA3D-4808-B87E-A2D0B72B5837}
Successfully deleted: [Empty Folder] C:\Users\Hema\appdata\local\{2A0F76DC-A3C5-48E6-83D0-F47763AE8622}
Successfully deleted: [Empty Folder] C:\Users\Hema\appdata\local\{6470991C-D9E9-4CDA-9B6F-AEF651EAC2AC}
Successfully deleted: [Empty Folder] C:\Users\Hema\appdata\local\{681D1E3E-F25B-49DC-A5E3-A7A00D3D4CB3}
Successfully deleted: [Empty Folder] C:\Users\Hema\appdata\local\{CC2801E3-7F93-481B-A870-E01DE70F8E93}
Successfully deleted: [Empty Folder] C:\Users\Hema\appdata\local\{D0D29CA0-E54A-4F23-91F5-139B4A44B08D}
Successfully deleted: [Empty Folder] C:\Users\Hema\appdata\local\{F180201C-6184-4472-AB76-E397DB7F115A}
Successfully deleted: [Empty Folder] C:\Users\Hema\appdata\local\{F80E210B-A558-4992-839A-35F7B4CEC419}
Successfully deleted: [Empty Folder] C:\Users\Hema\appdata\local\{FCAF8092-A1AF-4D8E-BFD2-0040E4C8DB2B}

~~~ FireFox

Successfully deleted: [File] C:\Users\Hema\AppData\Roaming\mozilla\firefox\profiles\5vloru9a.default-1366724831829\extensions\[email protected]
Successfully deleted the following from C:\Users\Hema\AppData\Roaming\mozilla\firefox\profiles\5vloru9a.default-1366724831829\prefs.js

user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.lp49.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top && \"www.google.com,mail.google
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\Hema\AppData\Roaming\mozilla\firefox\profiles\5vloru9a.default-1366724831829\minidumps [224 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Hema\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/29/2013 at 15:00:09.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Hema (administrator) on VEDA on 29-10-2013 15:01:39
Running from C:\Users\Hema\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Octoshape ApS) C:\Users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Everything\Everything.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKCU\...\Run: [Octoshape Streaming Services] - C:\Users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKLM-x32\...\Run: [Everything] - C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [422632 2013-04-17] (BillP Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: https://www.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Hema\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Hema\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Hema\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hema\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hema\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: saVVennsharie - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\[email protected]
FF Extension: pearltrees - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\[email protected]
FF Extension: stefanvandamme - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\[email protected]
FF Extension: No Name - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
FF Extension: Adblock Plus - C:\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Social Privacy\FF\

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (lucky leap) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0
CHR Extension: (saVVennsharie ) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10
CHR Extension: (Skype Click to Call) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Gmail) - C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-11-19] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

Error(0) reading file: "C:\windows\system32\ "
2013-10-29 15:00 - 2013-10-29 15:01 - 00003377 _____ C:\Users\Hema\Desktop\JRT.txt
2013-10-29 14:48 - 2013-10-29 14:48 - 00000000 ____D C:\windows\ERUNT
2013-10-29 14:47 - 2013-10-29 14:47 - 01033335 _____ (Thisisu) C:\Users\Hema\Downloads\JRT.exe
2013-10-28 20:18 - 2013-10-28 20:20 - 00029542 _____ C:\Users\Hema\Downloads\Addition.txt
2013-10-28 20:15 - 2013-10-28 20:15 - 01956538 _____ (Farbar) C:\Users\Hema\Downloads\FRST64.exe
2013-10-28 20:15 - 2013-10-28 20:15 - 00000000 ____D C:\FRST
2013-10-28 09:35 - 2013-10-28 09:57 - 00000000 ____D C:\Users\Hema\Desktop\Gautam Yoda
2013-10-27 22:23 - 2013-10-27 23:18 - 00008500 _____ C:\Users\Hema\Desktop\Diene.xlsx
2013-10-27 10:16 - 2013-10-27 10:16 - 00083560 _____ C:\Users\Hema\Downloads\Extras.Txt
2013-10-27 10:12 - 2013-10-27 10:12 - 00079430 _____ C:\Users\Hema\Downloads\OTL.Txt
2013-10-27 09:56 - 2013-10-27 09:56 - 00602112 _____ (OldTimer Tools) C:\Users\Hema\Downloads\OTL.exe
2013-10-26 15:27 - 2013-10-26 15:33 - 00000095 _____ C:\Users\Hema\Desktop\Movies.txt
2013-10-25 20:42 - 2013-10-25 20:42 - 00011296 _____ C:\Users\Hema\Desktop\EG- PG Catalysts.xlsx
2013-10-25 20:40 - 2013-10-29 00:09 - 00010819 _____ C:\Users\Hema\Desktop\List.xlsx
2013-10-24 19:15 - 2013-10-24 21:12 - 00010835 _____ C:\Users\Hema\Desktop\Tol vp.xlsx
2013-10-23 19:20 - 2013-10-25 19:40 - 00000132 _____ C:\Users\Hema\Desktop\Walmart.txt
2013-10-22 08:54 - 2013-10-22 08:54 - 00000000 ____D C:\ProgramData\Oracle
2013-10-22 08:54 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-22 08:54 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-22 08:54 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-22 08:54 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-22 08:53 - 2013-10-22 08:54 - 00004746 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 15:57 - 2013-10-19 15:57 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-19 15:56 - 2013-10-19 15:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hema\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-15 18:38 - 2013-10-15 18:38 - 00081972 _____ C:\Users\Hema\Desktop\Biomass Slide.pptx
2013-10-13 18:37 - 2013-10-13 18:37 - 00000000 ____D C:\Users\Hema\Desktop\MO
2013-10-13 18:34 - 2013-10-13 18:37 - 00000000 ____D C:\Users\Hema\Desktop\DOE
2013-10-12 00:09 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-12 00:09 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-12 00:09 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-12 00:09 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-12 00:09 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-12 00:09 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-12 00:09 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-12 00:09 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-12 00:09 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-12 00:09 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-12 00:09 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-12 00:09 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-12 00:08 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-12 00:08 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-12 00:08 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-12 00:08 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-10 13:32 - 2013-10-10 13:32 - 00009161 _____ C:\Users\Hema\Desktop\Srikanth.xlsx
2013-10-09 13:06 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-09 13:06 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-09 13:06 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-09 13:06 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-09 13:06 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-09 13:06 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-09 13:06 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-09 13:06 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-09 13:06 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-09 13:06 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-09 13:06 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-09 13:06 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-09 13:06 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-09 13:06 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-09 13:06 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-09 13:06 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-09 13:06 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-09 13:06 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-09 13:06 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-09 13:06 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-09 13:06 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-09 13:06 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-09 13:06 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-09 13:06 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-09 13:06 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:06 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:06 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-09 13:06 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-09 13:06 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-09 13:06 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-09 13:06 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-09 13:06 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-09 13:06 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-09 13:06 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-09 13:06 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-09 13:06 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-09 13:06 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-09 13:06 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-09 13:06 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-09 13:06 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-09 13:06 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-09 13:06 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-09 13:06 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-09 13:06 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-09 13:06 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-09 13:06 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-09 13:06 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-09 13:06 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-09-30 21:35 - 2013-09-30 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-29 15:01 - 2013-10-29 15:00 - 00003377 _____ C:\Users\Hema\Desktop\JRT.txt
2013-10-29 14:59 - 2011-03-19 09:43 - 00000000 ____D C:\Program Files (x86)\Everything
2013-10-29 14:48 - 2013-10-29 14:48 - 00000000 ____D C:\windows\ERUNT
2013-10-29 14:47 - 2013-10-29 14:47 - 01033335 _____ (Thisisu) C:\Users\Hema\Downloads\JRT.exe
2013-10-29 14:37 - 2013-04-24 09:28 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 14:37 - 2012-12-07 14:27 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001UA.job
2013-10-29 14:37 - 2012-07-01 08:28 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 13:20 - 2010-01-22 06:36 - 01247793 _____ C:\windows\WindowsUpdate.log
2013-10-29 13:16 - 2013-04-24 09:28 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-29 07:45 - 2009-07-14 00:45 - 00014144 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 07:45 - 2009-07-14 00:45 - 00014144 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 07:39 - 2013-04-24 09:29 - 00000000 ___RD C:\Users\Hema\Google Drive
2013-10-29 07:38 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-29 07:38 - 2009-07-14 00:51 - 00147494 _____ C:\windows\setupact.log
2013-10-29 00:09 - 2013-10-25 20:40 - 00010819 _____ C:\Users\Hema\Desktop\List.xlsx
2013-10-28 20:20 - 2013-10-28 20:18 - 00029542 _____ C:\Users\Hema\Downloads\Addition.txt
2013-10-28 20:15 - 2013-10-28 20:15 - 01956538 _____ (Farbar) C:\Users\Hema\Downloads\FRST64.exe
2013-10-28 20:15 - 2013-10-28 20:15 - 00000000 ____D C:\FRST
2013-10-28 18:34 - 2012-12-07 14:27 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001Core.job
2013-10-28 09:57 - 2013-10-28 09:35 - 00000000 ____D C:\Users\Hema\Desktop\Gautam Yoda
2013-10-28 09:42 - 2010-05-10 12:37 - 00000000 ____D C:\Users\Hema\AppData\Roaming\vlc
2013-10-27 23:18 - 2013-10-27 22:23 - 00008500 _____ C:\Users\Hema\Desktop\Diene.xlsx
2013-10-27 10:16 - 2013-10-27 10:16 - 00083560 _____ C:\Users\Hema\Downloads\Extras.Txt
2013-10-27 10:12 - 2013-10-27 10:12 - 00079430 _____ C:\Users\Hema\Downloads\OTL.Txt
2013-10-27 09:56 - 2013-10-27 09:56 - 00602112 _____ (OldTimer Tools) C:\Users\Hema\Downloads\OTL.exe
2013-10-26 15:33 - 2013-10-26 15:27 - 00000095 _____ C:\Users\Hema\Desktop\Movies.txt
2013-10-25 20:42 - 2013-10-25 20:42 - 00011296 _____ C:\Users\Hema\Desktop\EG- PG Catalysts.xlsx
2013-10-25 20:42 - 2013-09-25 22:09 - 00000965 _____ C:\Users\Hema\Desktop\List.txt
2013-10-25 19:40 - 2013-10-23 19:20 - 00000132 _____ C:\Users\Hema\Desktop\Walmart.txt
2013-10-24 21:12 - 2013-10-24 19:15 - 00010835 _____ C:\Users\Hema\Desktop\Tol vp.xlsx
2013-10-23 07:26 - 2010-01-22 07:17 - 00713434 _____ C:\windows\PFRO.log
2013-10-22 08:54 - 2013-10-22 08:54 - 00000000 ____D C:\ProgramData\Oracle
2013-10-22 08:54 - 2013-10-22 08:53 - 00004746 _____ C:\windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-22 08:54 - 2010-05-10 14:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-21 11:23 - 2013-09-15 20:00 - 00000000 ____D C:\Users\Hema\Desktop\Relevant 2013-14
2013-10-21 01:50 - 2013-08-07 22:08 - 00000000 ____D C:\ProgramData\saVVennsharie
2013-10-19 21:15 - 2009-07-14 01:13 - 00783354 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-19 15:57 - 2013-10-19 15:57 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-19 15:57 - 2013-04-20 18:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-19 15:56 - 2013-10-19 15:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hema\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-15 18:38 - 2013-10-15 18:38 - 00081972 _____ C:\Users\Hema\Desktop\Biomass Slide.pptx
2013-10-14 07:19 - 2012-12-06 09:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-13 18:37 - 2013-10-13 18:37 - 00000000 ____D C:\Users\Hema\Desktop\MO
2013-10-13 18:37 - 2013-10-13 18:34 - 00000000 ____D C:\Users\Hema\Desktop\DOE
2013-10-13 11:39 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2013-10-13 01:49 - 2013-03-15 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 01:49 - 2013-03-15 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-12 08:29 - 2009-07-14 00:45 - 00429520 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-12 00:14 - 2010-01-22 07:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 00:12 - 2010-10-13 13:01 - 00777570 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-10-11 00:04 - 2013-07-13 00:00 - 00000000 ____D C:\windows\system32\MRT
2013-10-10 23:59 - 2010-05-13 09:35 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-10 23:51 - 2012-07-16 16:53 - 00001945 _____ C:\windows\epplauncher.mif
2013-10-10 23:51 - 2012-07-16 16:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-10 23:51 - 2012-07-16 16:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-10 14:52 - 2010-05-21 13:58 - 00000000 ____D C:\Users\Hema\AppData\Local\CutePDF Writer
2013-10-10 13:32 - 2013-10-10 13:32 - 00009161 _____ C:\Users\Hema\Desktop\Srikanth.xlsx
2013-10-08 20:12 - 2012-07-01 08:28 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 20:12 - 2012-03-31 10:37 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 20:12 - 2011-05-19 07:26 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 18:29 - 2012-12-07 14:27 - 00003872 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001UA
2013-10-08 18:29 - 2012-12-07 14:27 - 00003476 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001Core
2013-10-08 13:11 - 2013-04-24 09:28 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-08 13:11 - 2013-04-24 09:28 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-08 07:51 - 2012-07-03 08:59 - 00873384 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
2013-10-08 07:51 - 2010-05-10 20:36 - 00796072 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-10-08 07:50 - 2013-10-22 08:54 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-22 08:54 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-08 07:46 - 2013-10-22 08:54 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-22 08:54 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-03 10:12 - 2013-04-20 20:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 07:31 - 2010-05-20 13:38 - 00000000 ____D C:\Users\Hema\AppData\Local\Mozilla
2013-09-30 21:36 - 2013-09-30 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-21 11:48

==================== End Of Log ============================

#6
emeraldnzl

Posted 29 October 2013 - 01:28 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello tennizen,

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.
If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
Your desktop may go blank. This is normal.
ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
tennizen

Posted 30 October 2013 - 01:43 PM

Member

Topic Starter
Member
68 posts

ComboFix 13-10-30.01 - Hema 10/30/2013 14:57:49.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2844 [GMT -4:00]
Running from: c:\users\Hema\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji
c:\users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10\acs.js
c:\users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10\background.html
c:\users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10\content.js
c:\users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10\lsdb.js
c:\users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10\manifest.json
c:\users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10\sqlite.js
c:\users\Hema\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfmmcbhncfcjjobiejmaaoonmakcenji_0.localstorage-journal
c:\users\Hema\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfmmcbhncfcjjobiejmaaoonmakcenji_0.localstorage
c:\users\Hema\AppData\Local\Microsoft\Windows\Temporary Internet Files\ab_A45A.tmp
c:\users\Hema\AppData\Local\Temp\_MEI31283\_ctypes.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\_elementtree.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\_hashlib.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\_multiprocessing.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\_socket.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\_ssl.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\msvcp100.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\msvcr100.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\pyexpat.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\pysqlite2._sqlite.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\python27.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\pythoncom27.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\PyWinTypes27.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\select.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\unicodedata.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32api.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32com.shell.shell.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32crypt.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32event.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32file.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32inet.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32pdh.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32process.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32profile.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32security.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\win32ts.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\windows._cacheinvalidation.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\wx._controls_.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\wx._core_.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\wx._gdi_.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\wx._html2.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\wx._misc_.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\wx._windows_.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\wx._wizard.pyd
c:\users\Hema\AppData\Local\Temp\_MEI31283\wxbase294u_net_vc90.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\wxbase294u_vc90.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\wxmsw294u_adv_vc90.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\wxmsw294u_core_vc90.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\wxmsw294u_html_vc90.dll
c:\users\Hema\AppData\Local\Temp\_MEI31283\wxmsw294u_webview_vc90.dll
c:\users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]
c:\users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]\bootstrap.js
c:\users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]\chrome.manifest
c:\users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]\content\bg.js
c:\users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2013-09-28 to 2013-10-30 )))))))))))))))))))))))))))))))
.
.
2013-10-30 19:08 . 2013-10-30 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-30 19:08 . 2013-10-30 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-30 13:29 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F398A971-E416-47E4-87A4-5AA066277F6E}\mpengine.dll
2013-10-29 18:48 . 2013-10-29 18:48 -------- d-----w- c:\windows\ERUNT
2013-10-29 11:49 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-29 00:15 . 2013-10-29 00:15 -------- d-----w- C:\FRST
2013-10-22 12:54 . 2013-10-22 12:54 -------- d-----w- c:\programdata\Oracle
2013-10-22 12:54 . 2013-10-08 11:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-18 22:27 . 2013-10-18 22:27 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDCC7EF8-82AE-4DB3-A4E0-CB6F8729EDC7}\gapaengine.dll
2013-10-12 04:08 . 2013-09-22 22:54 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-10-12 04:08 . 2013-09-22 22:54 19252224 ----a-w- c:\windows\system32\mshtml.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 03:59 . 2010-05-13 13:35 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 00:12 . 2012-03-31 14:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 00:12 . 2011-05-19 11:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 11:51 . 2012-07-03 12:59 873384 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-10-08 11:51 . 2010-05-11 00:36 796072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-06 16:22 . 2012-10-02 21:26 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-29 01:48 . 2013-10-09 17:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-11 22:05 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-11 22:05 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 22:05 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 22:05 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 22:05 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 22:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 22:05 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 22:05 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 22:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-11 22:05 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 22:05 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-11 22:05 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 22:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 22:05 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 22:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"Octoshape Streaming Services"="c:\users\Hema\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-17 422632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/01/22 19:44];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 13:24 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:12]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24 13:28]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-24 13:28]
.
2013-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001Core.job
- c:\users\Hema\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-07 18:27]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2866615960-603720506-1887988843-1001UA.job
- c:\users\Hema\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-07 18:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\03\02\14\109\18?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2013-10-30 15:29:45 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-30 19:29
.
Pre-Run: 17,130,815,488 bytes free
Post-Run: 17,160,503,296 bytes free
.
- - End Of File - - DC3EC8C14111BB7544230563379431D1

#8
emeraldnzl

Posted 30 October 2013 - 05:34 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello again tennizen,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Click the green ESET Online Scanner box
Tick the box next to YES, I accept the Terms of Use
then click on: Start
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close, make sure you copy the logfile first!
Then click on: Finish
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic and tell me how your machine is now.

#9
tennizen

Posted 31 October 2013 - 07:31 PM

Member

Topic Starter
Member
68 posts

Here is the log. I didn't select the option of deleting quarantined files because you didn't mention it. Hope that's ok. The machine seems to be running a bit better now.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c0459d1fbabd1247ba9c9ec5a5141a83
# engine=15715
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-01 01:25:04
# local_time=2013-10-31 09:25:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 8708499 134812554 0 0
# scanned=219766
# found=8
# cleaned=8
# scan_time=21872
sh=6A1BBB0F7318E73FA406FD0D0E20FFE99463FD37 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmmcbhncfcjjobiejmaaoonmakcenji\5.10\acs.js.vir"
sh=A91C6099053D8143E21418BBFB535D21F5535CCE ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Hema\AppData\Roaming\Mozilla\Firefox\Profiles\5vloru9a.default-1366724831829\extensions\[email protected]\content\bg.js.vir"
sh=4CA2DAAE0E9BE0292CF608CDA22198E433B1A2E4 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\background.js"
sh=13E5BF9BA88ADCBC94C84035C2E91C735C4736A6 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Hema\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\content.js"
sh=D7E5DCE01CAB4218E642D65FE165CBDA0B51EDD7 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan (deleted - quarantined)" ac=C fn="C:\Users\Hema\AppData\Local\Opera\Opera\cache\g_001E\opr002Z5.tmp"
sh=0009CD160A93DADDFDC59653C26C36AFE77C4F25 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan (deleted - quarantined)" ac=C fn="C:\Users\Hema\AppData\Local\Opera\Opera\cache\g_001E\opr00301.tmp"
sh=C5A07C6647A4228B39A382EE5246235CFDD94A82 ft=1 fh=1901ca3fd08316cd vn="probably a variant of Win32/CNETInstaller.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Hema\Downloads\cbsidlm-cbsi134-Pandora_Recovery-BP-10694796.exe"
sh=B2F48EE7701C43866CD2A2D1F81E437AE29D6EC2 ft=1 fh=773e74de054df24e vn="Win32/DownWare.L application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Hema\Downloads\Robert+Jordan+-+A+Memory+of+Light++[Ebook].exe"

#10
emeraldnzl

Posted 31 October 2013 - 07:37 PM

GeekU Instructor

GeekU Moderator
20,051 posts

I didn't select the option of deleting quarantined files because you didn't mention it.

I think it needs to unchecked if you don't won't them deleted. We do want them deleted and that's what it did. :thumbsup:

How is your machine now?

#11
tennizen

Posted 01 November 2013 - 06:24 PM

Member

Topic Starter
Member
68 posts

I didn't select the option of deleting quarantined files because you didn't mention it.

I think it needs to unchecked if you don't won't them deleted. We do want them deleted and that's what it did.

How is your machine now?

So it deletes the files even if the box is left unchecked?

The computer seems to be doing fine. Is there anything else I need to do?

Thanks!

#12
emeraldnzl

Posted 01 November 2013 - 06:31 PM

GeekU Instructor

GeekU Moderator
20,051 posts

So it deletes the files even if the box is left unchecked?

While since I tested it... from memory you need to opt out or it will delete. Could be that you have to check the box to opt out. About time I tried it again I think. :whistling:

The computer seems to be doing fine.

Good news. :thumbsup:

Is there anything else I need to do?

Yes we have a couple of last steps to perform and then you're all set. Posted Image

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

Go to Start > Programs > Accessories and click on Run
Copy and paste the the bolded text below in the box then hit OK

Combofix /Uninstall

Step 2

Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
Click on the CleanUp! button
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicous programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

Download Java for Windows

Reboot your computer.
You also need to unininstall older versions of Java.
Click Start > Control Panel > Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#13
tennizen

Posted 06 November 2013 - 02:48 PM

Member

Topic Starter
Member
68 posts

Sorry for the late reply. My charger stopped working and I had to wait to get a new one. Thanks for the help. The computer is working great now!

#14
emeraldnzl

Posted 04 April 2014 - 03:31 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.