
Doubts about Malware, Spycatcher - Trovit [Solved]

trovit conduit

This topic is locked

#1
Hari Prahlad

Member
301 posts

Hi,

I have a doubt about whether my PC has been infected. I tried a few free downloads and suspect that some malware may have crept in. Kaspersky Anti-virus says there are no problems but Spycatcher, which I have removed now, suggests that there may be some malware.

My OTL log is given below:

OTL logfile created on: 7/15/2014 10:24:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user-pc\Downloads
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.96 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 28.01% Memory free
3.96 Gb Paging File | 1.86 Gb Available in Paging File | 47.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.66 Gb Total Space | 72.97 Gb Free Space | 73.22% Space Free | Partition Type: NTFS
Drive D: | 200.00 Gb Total Space | 175.38 Gb Free Space | 87.69% Space Free | Partition Type: NTFS
Drive E: | 165.76 Gb Total Space | 165.65 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-PC | User Name: user-pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/15 10:12:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user-pc\Downloads\OTL.exe
PRC - [2014/07/10 11:07:14 | 001,678,040 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupportService.exe
PRC - [2014/07/09 10:04:19 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014/06/13 01:25:55 | 001,004,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2014/06/06 10:08:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/05/08 19:18:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/03/26 19:47:02 | 000,350,496 | ---- | M] (ClientConnect Ltd.) -- C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
PRC - [2014/02/26 03:46:32 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2014/01/09 07:18:10 | 006,434,176 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2013/10/10 14:03:52 | 000,802,008 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2013/10/10 14:03:48 | 000,447,192 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2013/10/10 14:03:44 | 002,054,872 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2013/06/01 15:54:46 | 002,106,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2013/03/02 13:54:03 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2012/11/06 09:50:42 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/26 12:21:56 | 000,107,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe
PRC - [2012/07/26 09:00:19 | 000,029,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2011/11/01 04:07:04 | 000,512,000 | ---- | M] () -- C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/09 10:04:19 | 017,029,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014/06/06 10:08:46 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/10 14:03:56 | 000,044,760 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
MOD - [2013/06/18 01:05:10 | 000,478,400 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2012/07/26 12:21:57 | 000,143,216 | ---- | M] () -- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
MOD - [2005/10/08 03:35:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/10 11:07:14 | 001,678,040 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\System32\BtwRSupportService.exe -- (BcmBtRSupport)
SRV - [2014/07/09 10:04:20 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/06 10:08:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/08 19:18:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/12 12:53:01 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2014/03/28 12:04:12 | 000,014,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2014/03/26 19:47:02 | 000,350,496 | ---- | M] (ClientConnect Ltd.) [Auto | Running] -- C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe -- (TBSrv)
SRV - [2014/02/26 03:46:32 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2013/10/10 14:03:52 | 000,802,008 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/08/16 05:29:31 | 002,156,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2013/06/25 04:39:53 | 000,226,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2013/06/01 14:53:42 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2013/05/04 10:27:04 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013/05/04 10:26:05 | 000,143,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2013/04/09 03:21:05 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2013/03/02 13:53:17 | 000,114,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013/03/02 13:53:15 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013/01/10 04:56:37 | 001,532,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2012/09/20 11:23:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012/07/26 09:33:42 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 08:50:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012/07/26 08:50:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012/07/26 08:50:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 08:50:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012/07/26 08:49:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012/07/26 08:49:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012/07/26 08:49:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012/07/26 08:49:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012/07/26 08:48:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012/07/26 08:48:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012/07/26 08:48:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012/07/26 08:47:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012/07/26 05:57:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012/07/26 05:57:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012/07/26 05:57:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012/07/26 05:57:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012/07/26 05:57:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012/07/26 05:57:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2011/11/01 04:07:04 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe -- (UDisk Monitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Disabled | Stop_Pending] -- system32\DRIVERS\EsgScanner.sys -- (EsgScanner)
DRV - [2014/07/10 11:07:14 | 000,174,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\bcbtums.sys -- (bcbtums)
DRV - [2014/06/13 01:50:29 | 000,552,032 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\Drivers\klif.sys -- (KLIF)
DRV - [2014/06/13 01:50:29 | 000,054,880 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\Drivers\klwfp.sys -- (klwfp)
DRV - [2014/06/13 01:50:28 | 000,094,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\klflt.sys -- (klflt)
DRV - [2014/03/28 12:05:17 | 000,030,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2014/03/24 03:41:32 | 000,231,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2014/02/26 03:46:30 | 000,144,992 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\Drivers\kneps.sys -- (kneps)
DRV - [2014/02/26 03:46:30 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\kl1.sys -- (kl1)
DRV - [2014/02/26 03:46:30 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\klmouflt.sys -- (klmouflt)
DRV - [2014/02/26 03:46:30 | 000,025,696 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\Drivers\klim6.sys -- (KLIM6)
DRV - [2014/02/26 03:46:30 | 000,025,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2014/02/26 03:46:30 | 000,024,672 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\klelam.sys -- (klelam)
DRV - [2014/01/07 03:48:02 | 000,015,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013/10/10 15:37:31 | 000,038,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2013/10/05 10:03:14 | 000,238,936 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013/10/02 06:08:26 | 000,362,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013/08/16 04:51:21 | 000,051,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2013/08/10 10:54:21 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013/07/09 09:46:17 | 000,097,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2013/07/02 04:20:31 | 000,268,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013/07/02 04:20:28 | 000,180,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2013/06/01 07:59:09 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2013/04/13 04:04:48 | 000,014,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\Drivers\klpd.sys -- (klpd)
DRV - [2013/03/02 14:36:16 | 000,057,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013/03/02 14:22:47 | 000,066,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013/01/10 06:37:00 | 000,024,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012/11/27 09:23:14 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012/11/20 10:26:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012/11/06 09:22:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012/10/12 12:42:33 | 000,023,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/10/11 10:58:23 | 000,046,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012/09/20 12:39:32 | 000,031,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012/07/26 09:47:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012/07/26 09:18:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012/07/26 09:12:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012/07/26 09:12:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012/07/26 09:12:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012/07/26 09:12:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012/07/26 09:12:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012/07/26 09:12:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012/07/26 09:12:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012/07/26 09:12:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012/07/26 09:10:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012/07/26 09:09:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012/07/26 09:03:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012/07/26 09:03:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012/07/26 09:03:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012/07/26 08:06:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012/07/26 08:06:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012/07/26 08:06:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012/07/26 08:06:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012/07/26 08:05:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012/07/26 08:05:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012/07/26 08:05:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012/07/26 08:05:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012/07/26 08:05:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012/07/26 08:04:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012/07/26 08:04:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012/07/26 08:04:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012/07/26 08:04:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012/07/26 08:03:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012/07/26 08:03:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012/07/26 08:03:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012/07/26 08:03:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/07/26 08:03:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012/07/26 08:02:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/26 08:02:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012/07/26 08:02:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012/07/26 08:01:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012/07/26 08:00:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012/07/26 08:00:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012/07/26 04:19:39 | 000,238,080 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\yk63x86.sys -- (yukonw8)
DRV - [2012/06/02 20:01:30 | 002,273,280 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\athr.sys -- (athr)
DRV - [2011/10/28 00:09:32 | 000,105,472 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...V=SP2151C_sp_ie
IE - HKCU\..\SearchScopes\{0DE0615C-7B63-4284-980F-78102A4B7D4A}: "URL" = http://www.google.co...1I7WZPA_enIN592
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7WZPA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-yff27"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-yff27"
FF - prefs.js..browser.search.param.yahoo-type: "394500523"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:14.0.0.4929
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.3.20140316101110
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: "http://in.search.yah...=ytff-yff27&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/06/13 01:51:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/06/13 01:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/06/13 01:50:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/06/13 01:50:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014/06/13 01:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/07/14 15:09:48 | 000,000,000 | ---D | M]
 
[2014/06/13 00:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user-pc\AppData\Roaming\mozilla\Extensions
[2014/07/15 08:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user-pc\AppData\Roaming\mozilla\Firefox\Profiles\1qmvxihn.default\extensions
[2014/07/15 08:22:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user-pc\AppData\Roaming\mozilla\Firefox\Profiles\1qmvxihn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/06/13 00:56:14 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\user-pc\AppData\Roaming\mozilla\Firefox\Profiles\1qmvxihn.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2014/07/15 08:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/07/15 08:21:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/15 08:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2014/07/15 08:21:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/06/13 01:50:58 | 000,000,000 | ---D | M] (Chặn quảng cáo) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 14.0.0\FFEXT\[email protected]
 
O1 HOSTS File: ([2012/07/26 09:47:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 113.193.12.14 113.193.1.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C639AD13-B9B7-4B12-834F-9400F07E7311}: DhcpNameServer = 113.193.12.14 113.193.1.14
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/26 12:22:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{eef21793-f27d-11e3-af9e-0c6076e4c1d1}\Shell - "" = AutoRun
O33 - MountPoints2\{eef21793-f27d-11e3-af9e-0c6076e4c1d1}\Shell\AutoRun\command - "" = "G:\Setup.exe" /Auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/15 10:26:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014/07/15 10:26:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/07/15 08:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/07/15 08:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/07/14 15:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/07/14 15:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/07/10 11:31:48 | 000,000,000 | ---D | C] -- C:\Users\user-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth
[2014/07/10 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\user-pc\Documents\Bluetooth Exchange Folder
[2014/07/10 11:16:28 | 000,000,000 | ---D | C] -- C:\Users\user-pc\AppData\Local\Broadcom
[2014/07/10 11:08:45 | 001,678,040 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupportService.exe
[2014/07/10 11:08:42 | 000,174,936 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\drivers\bcbtums.sys
[2014/07/10 11:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2014/07/09 14:15:07 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/07/09 14:14:42 | 002,863,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/07/09 14:14:38 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/07/09 14:14:38 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/07/09 14:14:38 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/07/09 14:14:38 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/07/09 14:14:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/07/09 14:14:37 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/07/09 14:14:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/07/09 14:14:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/07/09 14:14:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UXInit.dll
[2014/07/09 14:14:37 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/07/09 14:14:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/07/09 14:14:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/07/09 14:14:30 | 005,582,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/07/09 14:14:26 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSShared.dll
[2014/07/09 14:14:26 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/07/09 14:14:26 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Robocopy.exe
[2014/07/09 14:14:24 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/07/09 14:14:18 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SHCore.dll
[2014/07/09 14:14:10 | 003,389,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/07/09 14:14:10 | 001,440,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2014/07/02 09:33:28 | 000,000,000 | ---D | C] -- C:\Users\user-pc\AppData\Roaming\AVG
[2014/07/02 09:33:28 | 000,000,000 | ---D | C] -- C:\Users\user-pc\AppData\Local\AVG
[2014/07/02 09:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/07/02 09:32:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/07/02 09:32:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/07/02 09:31:08 | 000,000,000 | ---D | C] -- C:\Users\user-pc\AppData\Roaming\Youtube Downloader HD
[2014/07/02 09:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
[2014/07/02 09:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Youtube Downloader HD
[2014/07/02 09:31:00 | 000,000,000 | ---D | C] -- C:\Users\user-pc\AppData\Roaming\OpenCandy
[2014/06/30 08:07:59 | 000,000,000 | ---D | C] -- C:\Users\user-pc\Documents\Unzipped
[2014/06/28 15:06:00 | 000,000,000 | ---D | C] -- C:\Users\user-pc\Desktop\Radiology Images
[2014/06/28 14:45:21 | 000,000,000 | ---D | C] -- C:\Users\user-pc\AppData\Roaming\ZteUpdateUI
[2014/06/27 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\user-pc\New folder
[2014/06/27 16:08:33 | 000,000,000 | ---D | C] -- C:\Users\user-pc\AppData\Local\RadiantViewer
[2014/06/27 16:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadiAnt DICOM Viewer
[2014/06/27 16:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\RadiAntViewer32bit
[2014/06/27 16:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\RadiAntViewer
[2014/06/19 23:31:41 | 000,000,000 | ---D | C] -- C:\Users\user-pc\Desktop\POWERPOINT
[2014/06/19 03:20:39 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/06/19 01:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/06/19 01:30:25 | 000,778,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/06/19 01:30:25 | 000,035,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/06/19 01:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2014/06/19 01:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2014/06/19 01:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\GreenTree Applications
[2014/06/18 22:18:18 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2014/06/18 22:18:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2014/06/18 22:18:18 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndadmin.exe
[2014/06/18 22:18:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2014/06/18 22:17:37 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\glcndFilter.dll
[2014/06/18 22:17:29 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2014/06/18 22:17:28 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014/06/18 22:17:28 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2014/06/18 22:17:28 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2014/06/18 22:17:27 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014/06/18 22:17:27 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCaptureEngine.dll
[2014/06/18 22:17:27 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dafWCN.dll
[2014/06/18 22:17:26 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014/06/18 22:17:25 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnApi.dll
[2014/06/18 22:17:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2014/06/18 22:17:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfdprov.dll
[2014/06/18 22:17:24 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnEapPeerProxy.dll
[2014/06/18 22:17:24 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnEapAuthProxy.dll
[2014/06/18 22:17:23 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fxppm.sys
[2014/06/18 22:17:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2014/06/18 22:17:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014/06/18 22:16:41 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll
[2014/06/18 22:16:37 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2014/06/18 22:16:34 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2014/06/18 22:16:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcmsvc.dll
[2014/06/18 22:16:34 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmmbase.dll
[2014/06/18 22:16:33 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2014/06/18 22:16:33 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
[2014/06/18 22:16:33 | 000,105,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dumpsd.sys
[2014/06/18 22:16:33 | 000,097,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msgpioclx.sys
[2014/06/18 22:16:32 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wwanadvui.dll
[2014/06/18 22:16:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LocationApi.dll
[2014/06/18 22:16:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\openfiles.exe
[2014/06/18 22:16:32 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcmcsp.dll
[2014/06/18 22:16:28 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2014/06/18 22:16:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKURD.DLL
[2014/06/18 22:16:02 | 001,186,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.UI.Immersive.dll
[2014/06/18 22:16:00 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2014/06/18 22:16:00 | 000,342,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/06/18 22:15:54 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2014/06/18 22:15:53 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SpaceControl.dll
[2014/06/18 22:15:53 | 000,030,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2014/06/18 22:15:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2014/06/18 22:15:52 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Storage.Compression.dll
[2014/06/18 22:15:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/06/18 22:15:52 | 000,046,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdstor.sys
[2014/06/18 22:15:51 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\microsoft-windows-pdc.dll
[2014/06/18 22:15:50 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PCPKsp.dll
[2014/06/18 22:15:48 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AppxSip.dll
[2014/06/18 22:15:48 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BdeUISrv.exe
[2014/06/18 22:15:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdhebl3.dll
[2014/06/18 22:15:34 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfnetsrc.dll
[2014/06/18 22:15:34 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfnetcore.dll
[2014/06/18 22:15:33 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmpeg2srcsnk.dll
[2014/06/18 22:15:23 | 000,319,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2014/06/18 22:15:23 | 000,319,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2014/06/18 22:15:20 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2014/06/18 22:15:20 | 000,297,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2014/06/18 22:15:12 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.UI.Xaml.dll
[2014/06/18 22:15:09 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2014/06/18 22:15:08 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ubpm.dll
[2014/06/18 22:15:08 | 000,123,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tpm.sys
[2014/06/18 22:15:07 | 000,054,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2014/06/18 22:14:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2014/06/18 22:14:38 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2014/06/18 22:14:38 | 000,303,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/06/18 22:14:37 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2014/06/18 22:14:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveskybackup.dll
[2014/06/18 22:14:18 | 000,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2014/06/18 22:14:18 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2014/06/18 22:14:18 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2014/06/18 22:14:15 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2014/06/18 22:14:15 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2014/06/18 22:14:14 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2014/06/18 22:14:05 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2014/06/18 22:14:04 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SettingSync.dll
[2014/06/18 22:14:04 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mbsmsapi.dll
[2014/06/18 22:13:53 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2014/06/18 22:13:52 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2014/06/18 22:13:47 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcore.dll
[2014/06/18 22:13:46 | 001,166,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.efi
[2014/06/18 22:13:46 | 001,063,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014/06/18 22:13:46 | 001,035,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.efi
[2014/06/18 22:13:46 | 000,939,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014/06/18 22:13:45 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2014/06/18 22:13:44 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfasfsrcsnk.dll
[2014/06/18 22:13:44 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2014/06/18 22:13:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceSetupManager.dll
[2014/06/18 22:13:43 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MbaeParserTask.exe
[2014/06/18 22:13:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\BthAvrcpTg.sys
[2014/06/18 22:13:33 | 000,509,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NotificationUI.exe
[2014/06/18 22:13:33 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.ApplicationModel.Store.dll
[2014/06/18 22:13:20 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebcamUi.dll
[2014/06/18 22:13:17 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserLanguagesCpl.dll
[2014/06/18 22:13:17 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnapps.dll
[2014/06/18 22:13:16 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\storagewmi.dll
[2014/06/18 22:13:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2014/06/18 22:13:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2014/06/18 22:13:05 | 000,362,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBHUB3.SYS
[2014/06/18 22:13:04 | 001,556,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014/06/18 22:13:04 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014/06/18 22:13:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spaceport.sys
[2014/06/18 22:13:03 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUSettingsProvider.dll
[2014/06/18 22:13:03 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\storewuauth.dll
[2014/06/18 22:13:03 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014/06/18 22:13:03 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014/06/18 22:13:03 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2014/06/18 22:12:52 | 001,075,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2014/06/18 22:11:50 | 001,752,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpcMon.exe
[2014/06/18 22:11:48 | 003,502,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2014/06/18 22:11:46 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2014/06/18 22:11:45 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Windows.Media.Streaming.dll
[2014/06/18 22:11:45 | 000,307,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2014/06/18 22:11:43 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.dll
[2014/06/18 22:11:36 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2014/06/18 22:11:36 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2014/06/18 22:11:36 | 000,031,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cnghwassist.sys
[2014/06/18 22:11:34 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2014/06/18 22:11:31 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WWAHost.exe
[2014/06/18 22:11:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnprv.dll
[2014/06/18 22:11:31 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2014/06/18 22:11:13 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2014/06/18 22:11:10 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapibase.dll
[2014/06/18 22:11:08 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TpmTasks.dll
[2014/06/18 22:11:06 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PackageStateRoaming.dll
[2014/06/18 22:11:05 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\provcore.dll
[2014/06/18 22:11:03 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2014/06/18 22:10:49 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\twinapi.dll
[2014/06/18 22:10:44 | 000,023,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
[2014/06/18 22:10:41 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2014/06/18 22:10:39 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\combase.dll
[2014/06/18 22:10:37 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\microsoft-windows-kernel-power-events.dll
[2014/06/18 22:10:36 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dumpfve.sys
[2014/06/18 22:10:23 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfsrcsnk.dll
[2014/06/18 22:10:22 | 000,016,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HalExtIntcLpioDMA.dll
[2014/06/18 22:10:20 | 000,014,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HalExtIntcUartDMA.dll
[2014/06/18 22:10:19 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinTypes.dll
[2014/06/18 22:10:16 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfsvr.dll
[2014/06/18 22:10:16 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlidcredprov.dll
[2014/06/18 22:10:11 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ProximityService.dll
[2014/06/18 22:10:09 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2014/06/18 22:10:09 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvproc.dll
[2014/06/18 22:10:09 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2014/06/18 22:10:08 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfh264enc.dll
[2014/06/18 22:10:08 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DAFWSD.dll
[2014/06/18 22:10:08 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SettingSyncHost.exe
[2014/06/18 22:10:08 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2014/06/18 22:10:07 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2014/06/18 22:10:07 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll
[2014/06/18 22:10:05 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2014/06/18 22:10:05 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2014/06/18 22:10:05 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevPropMgr.dll
[2014/06/18 22:10:04 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2014/06/18 22:10:02 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdbinst.exe
[2014/06/18 22:09:59 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfctrs.dll
[2014/06/18 22:09:59 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfproc.dll
[2014/06/18 22:09:58 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LangCleanupSysprepAction.dll
[2014/06/18 22:09:58 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll
[2014/06/18 22:09:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MUILanguageCleanup.dll
[2014/06/18 22:09:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetupproxyserv.dll
[2014/06/18 21:54:43 | 000,000,000 | ---D | C] -- C:\Users\user-pc\Pinky
[2014/06/18 21:41:20 | 000,703,968 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/06/18 21:41:20 | 000,105,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/06/17 02:56:22 | 000,000,000 | ---D | C] -- C:\Users\user-pc\AppData\Roaming\IrfanView
[2014/06/17 02:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2014/06/16 21:18:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/15 10:04:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/15 08:22:17 | 000,001,990 | ---- | M] () -- C:\Users\user-pc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/07/15 08:22:03 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/07/15 08:17:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/12 16:34:04 | 000,719,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/12 16:34:04 | 000,132,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/10 11:22:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/07/10 11:22:25 | 1684,942,848 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/10 11:14:38 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2014/07/10 11:07:14 | 001,678,040 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupportService.exe
[2014/07/10 11:07:14 | 000,174,936 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\bcbtums.sys
[2014/07/08 08:50:03 | 000,153,698 | ---- | M] () -- C:\Users\user-pc\Desktop\RelianceJuly2014.pdf
[2014/07/01 08:48:16 | 000,339,327 | ---- | M] () -- C:\Users\user-pc\Tikona Bill.pdf
[2014/06/28 12:59:33 | 000,087,977 | ---- | M] () -- C:\Users\user-pc\IMG-0001-00001.jpg
[2014/06/27 16:08:30 | 000,001,100 | ---- | M] () -- C:\Users\user-pc\Application Data\Microsoft\Internet Explorer\Quick Launch\RadiAnt DICOM Viewer (32-bit).lnk
[2014/06/27 16:08:29 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\RadiAnt DICOM Viewer (32-bit).lnk
[2014/06/27 02:23:24 | 000,703,968 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/06/27 02:23:24 | 000,105,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/06/19 06:24:05 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/06/19 06:23:42 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UXInit.dll
[2014/06/19 06:23:03 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/06/19 06:23:01 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/19 06:22:46 | 002,863,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/19 06:22:46 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/19 06:22:42 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/06/19 06:22:42 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/06/19 06:22:42 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/06/19 06:22:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/06/19 06:22:34 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/19 06:22:34 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/19 06:22:19 | 001,440,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/19 06:00:35 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/19 01:24:31 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/06/18 04:57:37 | 001,440,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2014/06/17 03:04:40 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/06/17 02:56:34 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/14 15:09:50 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/07/10 11:08:14 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2014/07/08 08:50:03 | 000,153,698 | ---- | C] () -- C:\Users\user-pc\Desktop\RelianceJuly2014.pdf
[2014/07/01 08:48:01 | 000,339,327 | ---- | C] () -- C:\Users\user-pc\Tikona Bill.pdf
[2014/06/27 16:58:12 | 000,087,977 | ---- | C] () -- C:\Users\user-pc\IMG-0001-00001.jpg
[2014/06/27 16:08:30 | 000,001,100 | ---- | C] () -- C:\Users\user-pc\Application Data\Microsoft\Internet Explorer\Quick Launch\RadiAnt DICOM Viewer (32-bit).lnk
[2014/06/27 16:08:29 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\RadiAnt DICOM Viewer (32-bit).lnk
[2014/06/19 01:24:31 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/06/18 22:15:20 | 000,387,268 | ---- | C] () -- C:\Windows\System32\ApnDatabase.xml
[2014/06/17 03:04:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/06/17 03:04:40 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/06/17 02:56:34 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2014/06/14 22:30:23 | 000,083,968 | ---- | C] () -- C:\Windows\System32\OEMLicense.dll
[2014/06/13 01:14:30 | 000,002,503 | ---- | C] () -- C:\Users\user-pc\Skype.lnk
[2014/06/13 01:12:52 | 000,000,804 | ---- | C] () -- C:\Users\user-pc\NEC camera.lnk
[2014/06/13 01:06:27 | 000,405,881 | ---- | C] () -- C:\Windows\KJ.exe
[2014/06/13 00:56:46 | 000,001,943 | ---- | C] () -- C:\Users\user-pc\WinZip.lnk
[2014/06/13 00:56:09 | 000,001,024 | ---- | C] () -- C:\Users\user-pc\VLC media player.lnk
[2014/06/13 00:55:20 | 000,001,064 | ---- | C] () -- C:\Users\user-pc\Picasa 3.lnk
[2014/06/13 00:54:59 | 000,000,975 | ---- | C] () -- C:\Users\user-pc\WinRAR.lnk
[2014/06/13 00:54:22 | 000,001,170 | ---- | C] () -- C:\Users\user-pc\50 FREE MP3s +1 Free Audiobook!.lnk
[2014/06/13 00:54:22 | 000,000,947 | ---- | C] () -- C:\Users\user-pc\Winamp.lnk
[2012/07/26 12:25:27 | 000,719,418 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2012/07/26 12:25:27 | 000,296,742 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2012/07/26 12:25:27 | 000,132,748 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2012/07/26 12:25:27 | 000,033,362 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2012/07/26 12:23:47 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2012/07/26 12:23:46 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2012/07/26 11:33:55 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 06:50:38 | 000,071,680 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2012/07/26 06:47:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2012/07/26 02:11:36 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/26 01:55:49 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/07/26 01:55:49 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/07/26 01:55:49 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012/07/26 01:54:47 | 000,526,068 | ---- | C] () -- C:\Windows\System32\staticurllist.bin
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 11:48:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 08:48:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/26 08:50:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2014/07/15 10:28:08 | 002,375,680 | ---- | M] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2014/07/15 08:47:23 | 002,375,680 | ---- | C] ()(C:\Windows\System32\????????????????????????????????) -- C:\Windows\System32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤

< End of report >
 

I would be extremely grateful if I am guided in the proper way to clean up my system.

 

Thanks in advance.

 

Hari


  • 0



#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hari Prahlad,

 

Welcome to Geekstogo.

 

Now

 

Please run OTL.exe
 

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...V=SP2151C_sp_ie
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

After that

Please download ADWCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

scan-results.jpg

Click on Scan and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" prompt appears, just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the report button and Copy & Paste the contents in your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

Finally in this post

Please download Malwarebytes Anti-Malware Free from here.


  • Double click to install the programme
  • When the popup "Completing the Malwarebytes Anti-Malware Setup Wizard" appears, uncheck the box enable free trial of Malwarebytes Anti-Malware Premium

MBAMcompletinginstall.jpg



  • The MBAM console/dashboard will appear together with an alert to update - click the green button Update Now
  • When the update is complete select Settings > Detection and Protection and make sure the box Scan for rootkits is checked (ticked)

MBAMSettings-1.jpg

Go back to the Dashboard and click on the green Scan Now button.

MBAM1.jpg



  • If threats are detected, click the Apply Actions button, MBAM may ask for a reboot. Let it do so.

MBAMReboot.JPG



  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop

MBAMLog.JPG

Copy and paste the log back here.

So when you return please post

  • OTL.txt
  • AdwCleaner log
  • MBAM log

 


  • 0
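The fix above targets a recurring pattern rather than one file: a hijacked IE search scope (the trovi.com URL), leftover vendor folders and keys (Conduit, Tbccint, OpenCandy), and, in the FRST log posted later in the thread, a GUID-named driver published by "StdLib" plus an orphaned SpyHunter service entry marked `[X]`. As an added example that is not part of the thread and not code from OTL, AdwCleaner or FRST, the Python script below triages log lines of that shape against a rule set built only from those indicators. The sample lines are constructed to resemble the thread's output and are labelled as such; the tag names and thresholds are the example's own choices.

```python
"""Triage OTL/FRST-style scan log lines for the kind of leftovers this thread's fix targeted.

Added example, not code from OTL, AdwCleaner, FRST or the forum. The rule set is
constructed from indicators that appeared in the thread's own logs; the sample
lines below are constructed to resemble them and are not copied from a real machine.
"""
import re

# Search-provider hosts treated as browser hijackers (trovi.com is the one the OTL fix removed).
HIJACKER_DOMAINS = ("trovi.com",)
# Vendor folder / key names AdwCleaner removed in the thread, lower-cased for matching.
PUP_VENDORS = ("conduit", "tbccint", "opencandy", "greentree applications")

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
GUID_NAME = re.compile(GUID + r"\w*", re.I)          # e.g. {guid}Gw
URL = re.compile(r"https?://([^/\s\"]+)", re.I)
# FRST service/driver line: "<R|S><n> <name>; <path> [<size> <date>] (<publisher>) [flags]"
FRST_ENTRY = re.compile(
    r"^[RS]\d\s+(?P<name>.+?);\s+(?P<path>.+?\.(?:sys|exe|dll))(?:\s+(?P<rest>.*))?$",
    re.I,
)


def classify(line: str) -> list:
    """Return the indicator tags that apply to one log line; an empty list means nothing notable."""
    tags = []
    lower = line.lower()

    # 1. A search scope or start page that points at a known hijacker domain.
    for m in URL.finditer(line):
        host = m.group(1).lower()
        if any(host == d or host.endswith("." + d) for d in HIJACKER_DOMAINS):
            tags.append("search-hijack")
            break

    # 2. A path or registry key under a known bundleware vendor name.
    if any("\\" + v + "\\" in lower or lower.endswith("\\" + v) for v in PUP_VENDORS):
        tags.append("pup-vendor-path")

    # 3. FRST service/driver entries: GUID-named drivers, orphaned entries, unsigned binaries.
    m = FRST_ENTRY.match(line)
    if m:
        name, path, rest = m.group("name"), m.group("path"), m.group("rest") or ""
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if GUID_NAME.fullmatch(name) or GUID_NAME.fullmatch(stem):
            tags.append("guid-named-driver")
        if rest.strip() == "[X]":               # FRST marks a missing file with [X]
            tags.append("orphaned-entry")
        elif "()" in rest or "[file not signed]" in rest.lower():
            tags.append("unsigned-binary")
    return tags


def triage(lines):
    """Map every flagged line to its tags; lines with no findings are dropped."""
    return {ln: tags for ln in lines if (tags := classify(ln))}


# Constructed sample lines modelled on the thread's OTL, AdwCleaner and FRST output.
TROVI_SCOPE = r'IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com/?example=constructed'
CONDUIT_DIR = r"Folder Deleted : C:\Users\user-pc\AppData\Local\Conduit"
GUID_DRIVER = r"R1 {fa53d675-4680-455e-ac21-6ef151942a45}Gw; C:\Windows\System32\drivers\{fa53d675-4680-455e-ac21-6ef151942a45}Gw.sys [52816 2014-07-21] (StdLib)"
ORPHAN_SVC = r"S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]"
UNSIGNED_SVC = r"R2 UDisk Monitor; C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe [512000 2011-11-01] () [File not signed]"
CLEAN_AV = r"R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-02-26] (Kaspersky Lab ZAO)"
CLEAN_EXT = r"CHR Extension: (WOT) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-23]"
SAMPLE_LOG = [TROVI_SCOPE, CONDUIT_DIR, GUID_DRIVER, ORPHAN_SVC, UNSIGNED_SVC, CLEAN_AV, CLEAN_EXT]

if __name__ == "__main__":
    for line, tags in triage(SAMPLE_LOG).items():
        print(", ".join(tags).ljust(20), line[:90])
```

The tags are a reading aid for whoever reviews the log, not a verdict: an unsigned vendor utility such as a modem monitor is normal, while a driver whose service name and file name are both a bare GUID, loaded at boot (R1) and signed by an unknown publisher, is the entry a helper would ask about first. The `[X]` check matters because a service entry whose file is gone still fails to start at every boot and is routinely removed for cleanliness.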

#3
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 301 posts

Thank you so much.  Will do as you have advised.


  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

:thumbsup:


  • 0

#5
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 301 posts

Hi emeraldnzl,

 

As advised by you, I have run all three scans.

 

1.  OTL File:--
 

All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user-pc\Downloads\cmd.bat deleted successfully.
C:\Users\user-pc\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: user-pc
->Temp folder emptied: 326775963 bytes
->Temporary Internet Files folder emptied: 718841 bytes
->FireFox cache emptied: 58056426 bytes
->Google Chrome cache emptied: 9483523 bytes
->Flash cache emptied: 506 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500381 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 348702 bytes
RecycleBin emptied: 155237611 bytes
 
Total Files Cleaned = 527.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07242014_111525
 
Files\Folders moved on Reboot...
File\Folder C:\Users\user-pc\AppData\Local\Temp\~DF324D568D08183EB3.TMP not found!
C:\Users\user-pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0C6C0B04-D556-4433-8D14-F1113B6D38B0}.tmp moved successfully.
C:\Users\user-pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1664E71D-06F9-4BCC-913B-870D364D94D5}.tmp moved successfully.
C:\Users\user-pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{41E90462-34ED-41E5-92FD-92F3368AB69A}.tmp moved successfully.
C:\Users\user-pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C187DFF7-C21C-42DC-89B1-AB96ECA2FD44}.tmp moved successfully.
C:\Users\user-pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F0DE2357-045F-4DB5-8EC3-7D1D4E7AB015}.tmp moved successfully.
C:\Users\user-pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
2.  Adw File:--
 
# AdwCleaner v3.216 - Report created 24/07/2014 at 11:27:19
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8 Pro  (32 bits)
# Username : Sarojini - SAMSUNG-PC
# Running from : C:\Users\user-pc\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : TBSrv
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Tbccint
Folder Deleted : C:\Users\user-pc\AppData\Local\Conduit
Folder Deleted : C:\Users\user-pc\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\Extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[!] Folder Deleted : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF2D6074-8317-4050-890F-116E54CFAAD9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Tbccint_HKLM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
[ File : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [94703 octets] - [24/07/2014 11:23:42]
AdwCleaner[S0].txt - [9431 octets] - [24/07/2014 11:27:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9491 octets] ##########
 
3.  MBAM File:--

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/24/2014
Scan Time: 11:36:01 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.24.01
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x86
File System: NTFS
User: Sarojini
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 253158
Time Elapsed: 9 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Again, thanks a million.  I see "nzl" in your profile name.  I assume it stands for New Zealand.  I am a diehard fan of Sir Richard Hadlee.   :wave:
 

  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I see "nzl" in your profile name.  I assume it stands for New Zealand.


Yep I am a New Zealander.
 

I am a diehard fan of Sir Richard Hadlee.


He was great, I think he had the most beautiful style of any fast bowler, ever. :)

Turning to your computer, it looks like we made some progress.

I would like to have a look at things now using another tool.

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator. When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

  • 0

#7
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 301 posts

Thank you.  Will do as advised.  BTW, I am getting a lot of pop-ups today.   :(

 

Tried downloading both.  Both don't run on the system.


Edited by Hari Prahlad, 24 July 2014 - 10:32 PM.

  • 0

#8
Hari Prahlad

Hari Prahlad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 301 posts

Managed to do it.  :D

 

There was something named App Bud which I deleted from the list of programs.

 

1.  FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-07-2014 01
Ran by Sarojini (administrator) on SAMSUNG-PC on 25-07-2014 10:09:53
Running from C:\Users\user-pc\Downloads
Platform: Microsoft Windows 8 Pro (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-339546876-1381599416-2239483375-1001\...\MountPoints2: {eef21793-f27d-11e3-af9e-0c6076e4c1d1} - "G:\Setup.exe" /Auto
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 113.193.12.14 113.193.1.14
 
FireFox:
========
FF ProfilePath: C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-23]
FF Extension: Facebook - Delete All Messages - C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\Extensions\[email protected] [2014-07-15]
FF Extension: facebookfastdeletemessages - C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\Extensions\{af3ad7cf-6303-42d3-bd23-74e0838b9d2d}.xpi [2014-07-15]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-06-13]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-06-13]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-06-13]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-06-13]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-06-13]
FF Extension: No Name - C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\extensions\{fa53d675-4680-455e-ac21-6ef151942a45}.xpi []
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://google.com/"
CHR Extension: (Google Docs) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-18]
CHR Extension: (WOT) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-23]
CHR Extension: (YouTube) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google Search) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-18]
CHR Extension: (Safe Money) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-18]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-07-18]
CHR Extension: (Virtual Keyboard) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (Gmail) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR Extension: (Anti-Banner) - C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-18]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-02-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-02-26] (Kaspersky Lab ZAO)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1678040 2014-07-10] (Broadcom Corporation.)
R2 UDisk Monitor; C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe [512000 2011-11-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2014-03-28] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [174936 2014-07-10] (Broadcom Corporation.)
R3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-26] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24672 2014-02-26] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-06-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [552032 2014-06-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [25696 2014-02-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [25184 2014-02-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [25696 2014-02-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [14432 2013-04-13] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [54880 2014-06-13] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [144992 2014-02-26] (Kaspersky Lab ZAO)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-26] (Marvell)
S3 ztemtusbser; C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [105472 2011-10-28] (ZTEMT Incorporated)
R1 {fa53d675-4680-455e-ac21-6ef151942a45}Gw; C:\Windows\System32\drivers\{fa53d675-4680-455e-ac21-6ef151942a45}Gw.sys [52816 2014-07-21] (StdLib)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-25 10:09 - 2014-07-25 10:10 - 00013750 _____ () C:\Users\user-pc\Downloads\FRST.txt
2014-07-25 10:08 - 2014-07-25 10:09 - 00000000 ____D () C:\FRST
2014-07-25 10:01 - 2014-07-25 10:01 - 02092108 _____ () C:\Users\user-pc\Downloads\FRST64 (1).exe
2014-07-25 10:00 - 2014-07-25 10:00 - 01084416 _____ () C:\Users\user-pc\Downloads\FRST (2).exe
2014-07-25 10:00 - 2014-07-25 10:00 - 01081496 _____ () C:\Users\user-pc\Downloads\FRST (1).exe
2014-07-25 09:59 - 2014-07-25 10:00 - 01084416 _____ (Farbar) C:\Users\user-pc\Downloads\FRST.exe
2014-07-25 09:58 - 2014-07-25 09:59 - 02093568 _____ (Farbar) C:\Users\user-pc\Downloads\FRST64.exe
2014-07-25 09:42 - 2014-07-21 13:02 - 00052816 _____ (StdLib) C:\Windows\system32\Drivers\{fa53d675-4680-455e-ac21-6ef151942a45}Gw.sys
2014-07-24 15:43 - 2014-07-25 08:43 - 00000038 _____ () C:\Users\user-pc\AppData\Roaming\WB.CFG
2014-07-24 13:40 - 2014-07-24 13:40 - 01308592 _____ ( ) C:\Users\user-pc\Downloads\Setup.exe
2014-07-24 13:36 - 2014-07-24 13:44 - 00001043 _____ () C:\Users\user-pc\Desktop\Continue FLV Player Installation.lnk
2014-07-24 13:35 - 2014-07-24 13:35 - 00656416 _____ () C:\Users\user-pc\Downloads\flvplayer.exe
2014-07-24 12:17 - 2014-07-24 12:17 - 00001247 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-07-24 12:16 - 2014-07-24 12:16 - 17042944 _____ () C:\Users\user-pc\Downloads\YTDSetup (1).exe
2014-07-24 11:58 - 2014-07-24 11:58 - 09663552 _____ (YoutubeDownloaderHD.com ) C:\Users\user-pc\Downloads\youtube_downloader_hd_setup (1).exe
2014-07-24 11:34 - 2014-07-24 11:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 11:33 - 2014-07-24 11:33 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 11:33 - 2014-07-24 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 11:33 - 2014-07-24 11:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 11:33 - 2014-07-24 11:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-24 11:33 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-24 11:33 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-24 11:33 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-24 11:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-24 11:23 - 2014-07-25 10:03 - 00000000 ____D () C:\AdwCleaner
2014-07-24 11:18 - 2014-07-24 11:30 - 00016882 _____ () C:\Windows\PFRO.log
2014-07-24 11:15 - 2014-07-24 11:15 - 00000000 ____D () C:\_OTL
2014-07-24 11:10 - 2014-07-24 11:14 - 00602112 _____ (OldTimer Tools) C:\Users\user-pc\Downloads\OTL (1).exe
2014-07-24 11:06 - 2014-07-24 11:15 - 01305240 _____ (Malwarebytes Corporation ) C:\Users\user-pc\Downloads\Unconfirmed 653161.crdownload
2014-07-24 11:04 - 2014-07-24 11:07 - 01354223 _____ () C:\Users\user-pc\Desktop\AdwCleaner.exe
2014-07-24 08:26 - 2014-07-25 08:35 - 00077824 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 15:06 - 2014-07-18 15:06 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 15:06 - 2014-07-18 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 15:05 - 2014-07-25 10:10 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 15:05 - 2014-07-25 08:15 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 15:04 - 2014-07-18 15:04 - 00895120 _____ (Google Inc.) C:\Users\user-pc\Downloads\ChromeSetup.exe
2014-07-16 17:39 - 2014-07-16 17:39 - 00026164 _____ () C:\Users\user-pc\Downloads\OneDrive-2014-07-16.zip
2014-07-15 17:47 - 2014-07-23 14:32 - 00000000 ____D () C:\Windows\Minidump
2014-07-15 17:47 - 2014-07-15 17:47 - 00423256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 10:30 - 2014-07-15 10:30 - 00131814 _____ () C:\Users\user-pc\Downloads\OTL.Txt
2014-07-15 10:26 - 2014-07-15 10:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-15 10:12 - 2014-07-15 10:12 - 00602112 _____ (OldTimer Tools) C:\Users\user-pc\Downloads\OTL.exe
2014-07-15 10:03 - 2014-07-15 10:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user-pc\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 08:53 - 2014-07-15 08:53 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-15 08:50 - 2014-07-15 08:50 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-15 08:47 - 2014-07-15 17:44 - 02441216 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-07-15 08:19 - 2014-07-15 08:19 - 00688264 _____ (Yahoo! Inc.) C:\Users\user-pc\Downloads\yahoo_firefox_in_wrap_2014.04.14.11.32.37(1).exe
2014-07-14 15:09 - 2014-07-15 17:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-14 15:09 - 2014-07-15 08:22 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-14 15:09 - 2014-07-14 15:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-10 11:31 - 2014-07-14 16:57 - 00000000 ____D () C:\Users\user-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth
2014-07-10 11:16 - 2014-07-10 11:16 - 00000000 ____D () C:\Users\user-pc\Documents\Bluetooth Exchange Folder
2014-07-10 11:16 - 2014-07-10 11:16 - 00000000 ____D () C:\Users\user-pc\AppData\Local\Broadcom
2014-07-10 11:08 - 2014-07-10 11:07 - 01678040 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
2014-07-10 11:08 - 2014-07-10 11:07 - 00191192 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-07-10 11:08 - 2014-07-10 11:07 - 00174936 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2014-07-10 11:08 - 2014-07-10 11:07 - 00157912 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-07-10 11:08 - 2014-07-10 11:07 - 00034616 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-07-10 11:08 - 2014-07-10 11:07 - 00031448 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-07-10 11:07 - 2014-07-10 11:07 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-07-10 10:58 - 2014-07-10 10:59 - 15382392 _____ (Broadcom Corporation.) C:\Users\user-pc\Downloads\SetupBtwDownloadSE.exe
2014-07-10 10:41 - 2014-07-10 10:41 - 00347816 _____ (Microsoft Corporation) C:\Users\user-pc\Downloads\MicrosoftFixit.Devices.Run.exe
2014-07-09 14:15 - 2014-06-19 06:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 14:14 - 2014-06-19 06:24 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 14:14 - 2014-06-19 06:23 - 14368768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 14:14 - 2014-06-19 06:23 - 01766400 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 14:14 - 2014-06-19 06:23 - 01141760 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 14:14 - 2014-06-19 06:23 - 00661504 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 14:14 - 2014-06-19 06:23 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 14:14 - 2014-06-19 06:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 14:14 - 2014-06-19 06:23 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 14:14 - 2014-06-19 06:23 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 13732352 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 02863616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 01440768 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 14:14 - 2014-06-19 06:22 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 14:14 - 2014-06-19 06:22 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 14:14 - 2014-06-19 06:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 14:14 - 2014-06-18 04:57 - 01440256 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 14:14 - 2014-06-11 09:09 - 03389440 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 14:14 - 2014-06-06 15:47 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 14:14 - 2014-05-30 05:01 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 14:14 - 2014-05-30 05:01 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 14:14 - 2014-05-30 03:52 - 00439296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 14:14 - 2014-05-03 10:23 - 05582680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 14:14 - 2014-05-03 10:21 - 01475056 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 14:14 - 2014-05-02 04:09 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 14:14 - 2014-04-30 04:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 14:14 - 2014-04-24 05:21 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 14:14 - 2014-04-24 05:21 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 14:14 - 2014-02-08 09:38 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-02 09:33 - 2014-07-02 09:33 - 00000000 ____D () C:\Users\user-pc\AppData\Roaming\AVG
2014-07-02 09:33 - 2014-07-02 09:33 - 00000000 ____D () C:\Users\user-pc\AppData\Local\AVG
2014-07-02 09:32 - 2014-07-02 10:52 - 00000000 ____D () C:\ProgramData\AVG
2014-07-02 09:32 - 2014-07-02 09:32 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 09:31 - 2014-07-24 12:15 - 00000000 ____D () C:\Program Files\Youtube Downloader HD
2014-07-02 09:31 - 2014-07-02 14:13 - 00000000 ____D () C:\Users\user-pc\AppData\Roaming\Youtube Downloader HD
2014-07-02 09:29 - 2014-07-02 09:29 - 09664032 _____ (YoutubeDownloaderHD.com ) C:\Users\user-pc\Downloads\youtube_downloader_hd_setup.exe
2014-06-30 08:07 - 2014-07-16 17:39 - 00000000 ____D () C:\Users\user-pc\Documents\Unzipped
2014-06-30 08:02 - 2014-06-30 08:06 - 05678744 _____ () C:\Users\user-pc\Downloads\OneDrive-2014-06-29 (1).zip
2014-06-28 15:06 - 2014-07-19 12:27 - 00000000 ____D () C:\Users\user-pc\Radiology Images
2014-06-28 14:45 - 2014-06-28 14:45 - 00000000 ____D () C:\Users\user-pc\AppData\Roaming\ZteUpdateUI
2014-06-27 17:14 - 2014-06-27 17:14 - 00113000 _____ () C:\Users\user-pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 16:23 - 2014-06-27 16:27 - 00000000 ____D () C:\Users\user-pc\New folder
2014-06-27 16:08 - 2014-06-27 16:08 - 00001082 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\RadiAnt DICOM Viewer (32-bit).lnk
2014-06-27 16:08 - 2014-06-27 16:08 - 00001076 _____ () C:\Users\Public\Desktop\RadiAnt DICOM Viewer (32-bit).lnk
2014-06-27 16:08 - 2014-06-27 16:08 - 00000000 ____D () C:\Users\user-pc\AppData\Local\RadiantViewer
2014-06-27 16:08 - 2014-06-27 16:08 - 00000000 ____D () C:\ProgramData\RadiAntViewer
2014-06-27 16:08 - 2014-06-27 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadiAnt DICOM Viewer
2014-06-27 16:08 - 2014-06-27 16:08 - 00000000 ____D () C:\Program Files\RadiAntViewer32bit
2014-06-27 16:04 - 2014-06-27 16:05 - 02144136 _____ () C:\Users\user-pc\Downloads\radiantsetup19167446.exe
2014-06-25 20:50 - 2014-06-25 20:59 - 00033948 _____ () C:\Users\user-pc\Downloads\yahoo_firefox_in_wrap_2014.04.14.11.32.37(2).exe
2014-06-25 00:46 - 2014-06-25 00:52 - 10689696 _____ (Irfan Skiljan) C:\Users\user-pc\Downloads\irfanview_plugins_437_setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-25 10:10 - 2014-07-25 10:09 - 00013750 _____ () C:\Users\user-pc\Downloads\FRST.txt
2014-07-25 10:10 - 2014-07-18 15:05 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 10:09 - 2014-07-25 10:08 - 00000000 ____D () C:\FRST
2014-07-25 10:04 - 2014-06-13 04:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 10:03 - 2014-07-24 11:23 - 00000000 ____D () C:\AdwCleaner
2014-07-25 10:01 - 2014-07-25 10:01 - 02092108 _____ () C:\Users\user-pc\Downloads\FRST64 (1).exe
2014-07-25 10:00 - 2014-07-25 10:00 - 01084416 _____ () C:\Users\user-pc\Downloads\FRST (2).exe
2014-07-25 10:00 - 2014-07-25 10:00 - 01081496 _____ () C:\Users\user-pc\Downloads\FRST (1).exe
2014-07-25 10:00 - 2014-07-25 09:59 - 01084416 _____ (Farbar) C:\Users\user-pc\Downloads\FRST.exe
2014-07-25 09:59 - 2014-07-25 09:58 - 02093568 _____ (Farbar) C:\Users\user-pc\Downloads\FRST64.exe
2014-07-25 08:43 - 2014-07-24 15:43 - 00000038 _____ () C:\Users\user-pc\AppData\Roaming\WB.CFG
2014-07-25 08:38 - 2014-06-13 01:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-25 08:35 - 2014-07-24 08:26 - 00077824 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 08:30 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\system32\sru
2014-07-25 08:15 - 2014-07-18 15:05 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 16:59 - 2014-06-13 00:48 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 13:44 - 2014-07-24 13:36 - 00001043 _____ () C:\Users\user-pc\Desktop\Continue FLV Player Installation.lnk
2014-07-24 13:40 - 2014-07-24 13:40 - 01308592 _____ ( ) C:\Users\user-pc\Downloads\Setup.exe
2014-07-24 13:35 - 2014-07-24 13:35 - 00656416 _____ () C:\Users\user-pc\Downloads\flvplayer.exe
2014-07-24 12:17 - 2014-07-24 12:17 - 00001247 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-07-24 12:17 - 2014-06-19 01:24 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-07-24 12:16 - 2014-07-24 12:16 - 17042944 _____ () C:\Users\user-pc\Downloads\YTDSetup (1).exe
2014-07-24 12:15 - 2014-07-02 09:31 - 00000000 ____D () C:\Program Files\Youtube Downloader HD
2014-07-24 11:58 - 2014-07-24 11:58 - 09663552 _____ (YoutubeDownloaderHD.com ) C:\Users\user-pc\Downloads\youtube_downloader_hd_setup (1).exe
2014-07-24 11:53 - 2014-06-13 00:45 - 00000000 ____D () C:\Users\user-pc
2014-07-24 11:36 - 2014-07-24 11:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 11:33 - 2014-07-24 11:33 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 11:33 - 2014-07-24 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 11:33 - 2014-07-24 11:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 11:33 - 2014-07-24 11:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-24 11:31 - 2012-07-26 11:34 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 11:30 - 2014-07-24 11:18 - 00016882 _____ () C:\Windows\PFRO.log
2014-07-24 11:30 - 2012-07-26 09:47 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-24 11:15 - 2014-07-24 11:15 - 00000000 ____D () C:\_OTL
2014-07-24 11:15 - 2014-07-24 11:06 - 01305240 _____ (Malwarebytes Corporation ) C:\Users\user-pc\Downloads\Unconfirmed 653161.crdownload
2014-07-24 11:14 - 2014-07-24 11:10 - 00602112 _____ (OldTimer Tools) C:\Users\user-pc\Downloads\OTL (1).exe
2014-07-24 11:07 - 2014-07-24 11:04 - 01354223 _____ () C:\Users\user-pc\Desktop\AdwCleaner.exe
2014-07-23 15:14 - 2014-06-13 00:54 - 00000000 ____D () C:\Users\user-pc\AppData\Roaming\Winamp
2014-07-23 14:32 - 2014-07-15 17:47 - 00000000 ____D () C:\Windows\Minidump
2014-07-23 07:04 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-21 13:02 - 2014-07-25 09:42 - 00052816 _____ (StdLib) C:\Windows\system32\Drivers\{fa53d675-4680-455e-ac21-6ef151942a45}Gw.sys
2014-07-21 11:00 - 2014-06-18 21:54 - 00000000 ____D () C:\Users\user-pc\Pinky
2014-07-19 14:36 - 2014-06-19 23:31 - 00000000 ____D () C:\Users\user-pc\POWERPOINT
2014-07-19 12:27 - 2014-06-28 15:06 - 00000000 ____D () C:\Users\user-pc\Radiology Images
2014-07-18 15:06 - 2014-07-18 15:06 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 15:06 - 2014-07-18 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 15:06 - 2014-06-13 00:55 - 00000000 ____D () C:\Program Files\Google
2014-07-18 15:04 - 2014-07-18 15:04 - 00895120 _____ (Google Inc.) C:\Users\user-pc\Downloads\ChromeSetup.exe
2014-07-16 17:39 - 2014-07-16 17:39 - 00026164 _____ () C:\Users\user-pc\Downloads\OneDrive-2014-07-16.zip
2014-07-16 17:39 - 2014-06-30 08:07 - 00000000 ____D () C:\Users\user-pc\Documents\Unzipped
2014-07-15 17:47 - 2014-07-15 17:47 - 00423256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 17:46 - 2014-07-14 15:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-15 17:44 - 2014-07-15 08:47 - 02441216 _____ () C:\Windows\system32\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-07-15 10:30 - 2014-07-15 10:30 - 00131814 _____ () C:\Users\user-pc\Downloads\OTL.Txt
2014-07-15 10:26 - 2014-07-15 10:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-15 10:23 - 2014-07-15 10:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user-pc\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 10:12 - 2014-07-15 10:12 - 00602112 _____ (OldTimer Tools) C:\Users\user-pc\Downloads\OTL.exe
2014-07-15 08:53 - 2014-07-15 08:53 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-15 08:50 - 2014-07-15 08:50 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-15 08:22 - 2014-07-14 15:09 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-15 08:22 - 2014-06-13 00:54 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-15 08:22 - 2014-06-13 00:54 - 00000000 ____D () C:\Users\user-pc\AppData\Local\Mozilla
2014-07-15 08:21 - 2014-06-13 00:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-15 08:19 - 2014-07-15 08:19 - 00688264 _____ (Yahoo! Inc.) C:\Users\user-pc\Downloads\yahoo_firefox_in_wrap_2014.04.14.11.32.37(1).exe
2014-07-14 16:57 - 2014-07-10 11:31 - 00000000 ____D () C:\Users\user-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth
2014-07-14 15:09 - 2014-07-14 15:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-12 16:22 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-11 11:37 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\rescache
2014-07-10 11:20 - 2012-07-26 12:23 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 11:20 - 2012-07-26 12:23 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 11:20 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 11:20 - 2012-07-26 12:20 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 11:20 - 2012-07-26 12:13 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 11:19 - 2014-06-16 21:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 11:18 - 2014-06-16 21:18 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 11:18 - 2012-07-26 09:47 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-10 11:16 - 2014-07-10 11:16 - 00000000 ____D () C:\Users\user-pc\Documents\Bluetooth Exchange Folder
2014-07-10 11:16 - 2014-07-10 11:16 - 00000000 ____D () C:\Users\user-pc\AppData\Local\Broadcom
2014-07-10 11:07 - 2014-07-10 11:08 - 01678040 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
2014-07-10 11:07 - 2014-07-10 11:08 - 00191192 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-07-10 11:07 - 2014-07-10 11:08 - 00174936 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2014-07-10 11:07 - 2014-07-10 11:08 - 00157912 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-07-10 11:07 - 2014-07-10 11:08 - 00034616 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2014-07-10 11:07 - 2014-07-10 11:08 - 00031448 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-07-10 11:07 - 2014-07-10 11:07 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-07-10 10:59 - 2014-07-10 10:58 - 15382392 _____ (Broadcom Corporation.) C:\Users\user-pc\Downloads\SetupBtwDownloadSE.exe
2014-07-10 10:41 - 2014-07-10 10:41 - 00347816 _____ (Microsoft Corporation) C:\Users\user-pc\Downloads\MicrosoftFixit.Devices.Run.exe
2014-07-07 11:02 - 2012-07-26 12:23 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-02 14:13 - 2014-07-02 09:31 - 00000000 ____D () C:\Users\user-pc\AppData\Roaming\Youtube Downloader HD
2014-07-02 10:52 - 2014-07-02 09:32 - 00000000 ____D () C:\ProgramData\AVG
2014-07-02 09:33 - 2014-07-02 09:33 - 00000000 ____D () C:\Users\user-pc\AppData\Roaming\AVG
2014-07-02 09:33 - 2014-07-02 09:33 - 00000000 ____D () C:\Users\user-pc\AppData\Local\AVG
2014-07-02 09:32 - 2014-07-02 09:32 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 09:29 - 2014-07-02 09:29 - 09664032 _____ (YoutubeDownloaderHD.com ) C:\Users\user-pc\Downloads\youtube_downloader_hd_setup.exe
2014-06-30 08:06 - 2014-06-30 08:02 - 05678744 _____ () C:\Users\user-pc\Downloads\OneDrive-2014-06-29 (1).zip
2014-06-28 14:45 - 2014-06-28 14:45 - 00000000 ____D () C:\Users\user-pc\AppData\Roaming\ZteUpdateUI
2014-06-27 17:14 - 2014-06-27 17:14 - 00113000 _____ () C:\Users\user-pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 16:27 - 2014-06-27 16:23 - 00000000 ____D () C:\Users\user-pc\New folder
2014-06-27 16:08 - 2014-06-27 16:08 - 00001082 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\RadiAnt DICOM Viewer (32-bit).lnk
2014-06-27 16:08 - 2014-06-27 16:08 - 00001076 _____ () C:\Users\Public\Desktop\RadiAnt DICOM Viewer (32-bit).lnk
2014-06-27 16:08 - 2014-06-27 16:08 - 00000000 ____D () C:\Users\user-pc\AppData\Local\RadiantViewer
2014-06-27 16:08 - 2014-06-27 16:08 - 00000000 ____D () C:\ProgramData\RadiAntViewer
2014-06-27 16:08 - 2014-06-27 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadiAnt DICOM Viewer
2014-06-27 16:08 - 2014-06-27 16:08 - 00000000 ____D () C:\Program Files\RadiAntViewer32bit
2014-06-27 16:05 - 2014-06-27 16:04 - 02144136 _____ () C:\Users\user-pc\Downloads\radiantsetup19167446.exe
2014-06-27 02:23 - 2014-06-18 21:41 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-27 02:23 - 2014-06-18 21:41 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-25 20:59 - 2014-06-25 20:50 - 00033948 _____ () C:\Users\user-pc\Downloads\yahoo_firefox_in_wrap_2014.04.14.11.32.37(2).exe
2014-06-25 03:14 - 2014-06-13 00:56 - 00000000 ____D () C:\ProgramData\Google
2014-06-25 03:14 - 2014-06-13 00:55 - 00000000 ____D () C:\Users\user-pc\AppData\Local\Google
2014-06-25 01:10 - 2014-06-13 00:54 - 00000000 ____D () C:\Program Files\Winamp
2014-06-25 00:52 - 2014-06-25 00:46 - 10689696 _____ (Irfan Skiljan) C:\Users\user-pc\Downloads\irfanview_plugins_437_setup.exe
 
Some content of TEMP:
====================
C:\Users\user-pc\AppData\Local\Temp\ICReinstall_flvplayer.exe
C:\Users\user-pc\AppData\Local\Temp\ICReinstall_Setup.exe
C:\Users\user-pc\AppData\Local\Temp\ochelper.exe
C:\Users\user-pc\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-21 06:40
 
==================== End Of Log ============================
 
2.  Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-07-2014 01
Ran by Sarojini at 2014-07-25 10:10:56
Running from C:\Users\user-pc\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RadiAnt DICOM Viewer (32-bit) (HKLM\...\RadiAnt32) (Version: 1.9.16.7446 - Medixant)
Reliance Netconnect+ (HKLM\...\ZTEWireless-101_is1) (Version:  - )
Skype™ 5.5 (HKLM\...\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}) (Version: 5.5.110 - Skype Technologies S.A.)
VLC media player 0.9.9 (HKLM\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8050 - Broadcom Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.54  - Nullsoft, Inc)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
YTD Video Downloader 4.8.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.3 - GreenTree Applications SRL)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-339546876-1381599416-2239483375-1001_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\user-pc\AppData\Local\Conduit\Community Alerts\Alert.dll No File
 
==================== Restore Points  =========================
 
15-07-2014 03:21:44 Installed SpyHunter
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 09:47 - 2014-07-24 11:15 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {46108C2E-2246-4F56-B775-7A86EAD5602F} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {57C93EE5-6FA5-4D88-9051-7531ACF3FA0A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {9630BE8B-0D95-4D31-8BDD-DE2E8F123D52} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {E178FEB7-A28D-4837-9137-08517BC40B54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-18] (Google Inc.)
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {F1838832-A45D-4DF9-B50D-E4C8F4BD0AD9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {FFE1C043-2A37-466F-8263-E467D49637E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-18] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-10 14:03 - 2013-10-10 14:03 - 00044760 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-06-13 21:22 - 2011-11-01 04:07 - 00512000 _____ () C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
2013-06-18 01:05 - 2013-06-18 01:05 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-09 03:22 - 2013-05-09 03:22 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2012-07-26 12:25 - 2012-07-26 12:21 - 00143216 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-07-18 15:06 - 2014-07-15 14:54 - 00718664 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 15:06 - 2014-07-15 14:54 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 15:06 - 2014-07-15 14:54 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 15:06 - 2014-07-15 14:54 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 15:06 - 2014-07-15 14:54 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\...\StartupApproved\StartupFolder: => "Adobe Reader Speed Launch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Adobe Reader Synchronizer.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Quick Pick.lnk"
HKLM\...\StartupApproved\Run: => "Google Desktop Search"
HKLM\...\StartupApproved\Run: => "GrooveMonitor"
HKLM\...\StartupApproved\Run: => "WinampAgent"
HKCU\...\StartupApproved\Run: => "swg"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2014 10:07:54 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/25/2014 10:07:54 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/25/2014 10:07:33 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/25/2014 10:07:33 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/25/2014 10:05:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 3.2.1.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4a4
 
Start Time: 01cfa7c042ad9d88
 
Termination Time: 4294967295
 
Application Path: C:\Users\user-pc\Desktop\AdwCleaner.exe
 
Report Id: 0c200953-13b5-11e4-afa9-0c6076e4c1d1
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/25/2014 08:58:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/25/2014 08:16:05 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/25/2014 08:16:03 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (07/25/2014 06:16:38 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
 
Error: (07/25/2014 06:12:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (07/25/2014 10:06:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update App Bud service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/25/2014 10:06:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Util App Bud service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/24/2014 03:11:00 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (07/24/2014 11:15:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/21/2014 05:00:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (07/21/2014 04:53:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (07/21/2014 07:58:52 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (07/19/2014 01:19:11 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (07/19/2014 00:46:51 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (07/19/2014 10:13:37 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 2008.61 MB
Available physical RAM: 940.65 MB
Total Pagefile: 4056.61 MB
Available Pagefile: 2660.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1825.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:99.66 GB) (Free:70.28 GB) NTFS
Drive d: () (Fixed) (Total:200 GB) (Free:175.38 GB) NTFS
Drive e: () (Fixed) (Total:165.76 GB) (Free:165.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4D476B20)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Thank you so much for your valuable time.

#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Hari Prahlad,

 

I assume your machine's OS is Windows 8, that is, not Windows 8.1.

 

Assuming it is Win 8 then do this:

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods; this is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


#10
Hari Prahlad

    Member

  • Topic Starter
  • Member
  • 301 posts

Hi emeraldnzl,

 

As directed by you I have run ComboFix.

 

Kindly find the log file below...

 

ComboFix 14-07-25.01 - Sarojini 07/26/2014   8:36.1.2 - x86
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.2009.1330 [GMT 5.5:30]
Running from: c:\users\user-pc\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user-pc\AppData\Local\Adobe\AdbeRdr11007_en_US.exe
c:\users\user-pc\AppData\Local\Adobe\gccheck.exe
c:\users\user-pc\AppData\Local\Adobe\gtbcheck.exe
c:\users\user-pc\AppData\Local\Adobe\SecurityScan_Release.exe
c:\users\user-pc\powerpoint
c:\users\user-pc\powerpoint\Breast - Shortcut.lnk
c:\users\user-pc\powerpoint\Breast MRI Bx Talk - BW - PDF.pdf
c:\users\user-pc\powerpoint\IMAGING OF THE BREAST WITH - Shortcut.lnk
c:\users\user-pc\powerpoint\IMG-0001-00001.jpg
c:\users\user-pc\powerpoint\IMG-0002-00001.jpg
c:\users\user-pc\powerpoint\MRI BREAST - Shortcut.lnk
c:\users\user-pc\powerpoint\New folder\IMG-0001-00001.jpg
c:\users\user-pc\powerpoint\NEW FOR 2014 - Copy.pptx
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-26 to 2014-07-26  )))))))))))))))))))))))))))))))
.
.
2014-07-25 04:38 . 2014-07-25 04:41 -------- d-----w- C:\FRST
2014-07-25 04:12 . 2014-07-21 07:32 52816 ----a-w- c:\windows\system32\drivers\{fa53d675-4680-455e-ac21-6ef151942a45}Gw.sys
2014-07-24 06:04 . 2014-07-24 06:06 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-24 06:03 . 2014-07-24 06:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-24 06:03 . 2014-07-24 06:03 -------- d-----w- c:\programdata\Malwarebytes
2014-07-24 06:03 . 2014-05-12 01:56 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-24 06:03 . 2014-05-12 01:55 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-24 06:03 . 2014-05-12 01:55 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-24 06:03 . 2014-07-24 06:03 -------- d-----w- c:\users\user-pc\AppData\Local\Programs
2014-07-24 05:54 . 2010-08-30 03:04 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-24 05:53 . 2014-07-25 04:33 -------- d-----w- C:\AdwCleaner
2014-07-24 05:45 . 2014-07-24 05:45 -------- d-----w- C:\_OTL
2014-07-15 03:23 . 2014-07-15 03:23 -------- d-----w- c:\program files\Enigma Software Group
2014-07-15 03:20 . 2014-07-15 03:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-07-15 02:51 . 2014-06-06 06:55 65536 ----a-w- c:\program files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
2014-07-15 02:51 . 2014-06-06 04:39 46704 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2014-07-15 02:51 . 2014-06-06 04:38 93808 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2014-07-15 02:51 . 2014-06-06 04:38 170960 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2014-07-15 02:51 . 2014-06-06 04:38 28272 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2014-07-15 02:51 . 2014-06-06 04:38 822384 ----a-w- c:\program files\Mozilla Firefox\icuuc52.dll
2014-07-15 02:51 . 2014-06-06 04:38 1022576 ----a-w- c:\program files\Mozilla Firefox\icuin52.dll
2014-07-15 02:51 . 2014-06-06 04:38 10594416 ----a-w- c:\program files\Mozilla Firefox\icudt52.dll
2014-07-15 02:51 . 2010-03-18 16:15 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2014-07-15 02:51 . 2010-03-18 16:15 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2014-07-15 02:51 . 2014-06-06 04:38 75376 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2014-07-14 09:39 . 2014-07-15 12:16 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-07-14 09:39 . 2014-06-06 04:38 142960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2014-07-14 09:39 . 2014-06-06 04:38 19056 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2014-07-14 09:39 . 2014-06-06 04:38 198224 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2014-07-14 09:39 . 2014-06-06 04:38 119408 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2014-07-14 09:39 . 2014-06-06 04:38 647280 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2014-07-14 09:39 . 2014-06-06 04:38 53360 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2014-07-14 09:39 . 2014-06-06 04:38 4855920 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2014-07-14 09:39 . 2010-05-26 18:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2014-07-14 09:39 . 2014-06-06 04:38 3852912 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2014-07-10 05:46 . 2014-07-10 05:46 -------- d-----w- c:\users\user-pc\AppData\Local\Broadcom
2014-07-10 05:38 . 2014-07-10 05:37 1678040 ----a-w- c:\windows\system32\BtwRSupportService.exe
2014-07-10 05:38 . 2014-07-10 05:37 34616 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2014-07-10 05:38 . 2014-07-10 05:37 31448 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2014-07-10 05:38 . 2014-07-10 05:37 191192 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2014-07-10 05:38 . 2014-07-10 05:37 174936 ----a-w- c:\windows\system32\drivers\bcbtums.sys
2014-07-10 05:38 . 2014-07-10 05:37 157912 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2014-07-10 05:37 . 2014-07-10 05:37 -------- d-----w- c:\program files\WIDCOMM
2014-07-02 04:03 . 2014-07-02 04:03 -------- d-----w- c:\users\user-pc\AppData\Roaming\AVG
2014-07-02 04:03 . 2014-07-02 04:03 -------- d-----w- c:\users\user-pc\AppData\Local\AVG
2014-07-02 04:02 . 2014-07-02 05:22 -------- d-----w- c:\programdata\AVG
2014-07-02 04:02 . 2014-07-02 04:02 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 04:02 . 2014-07-02 04:02 -------- d--h--w- c:\programdata\Common Files
2014-07-02 04:01 . 2014-07-02 08:43 -------- d-----w- c:\users\user-pc\AppData\Roaming\Youtube Downloader HD
2014-07-02 04:01 . 2014-07-24 06:45 -------- d-----w- c:\program files\Youtube Downloader HD
2014-06-28 09:36 . 2014-07-19 06:57 -------- d-----w- c:\users\user-pc\Radiology Images
2014-06-28 09:15 . 2014-06-28 09:15 -------- d-----w- c:\users\user-pc\AppData\Roaming\ZteUpdateUI
2014-06-27 10:53 . 2014-06-27 10:57 -------- d-----w- c:\users\user-pc\New folder
2014-06-27 10:38 . 2014-06-27 10:38 -------- d-----w- c:\users\user-pc\AppData\Local\RadiantViewer
2014-06-27 10:38 . 2014-06-27 10:38 -------- d-----w- c:\program files\RadiAntViewer32bit
2014-06-27 10:38 . 2014-06-27 10:38 -------- d-----w- c:\programdata\RadiAntViewer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-23 04:30 . 2014-06-17 16:24 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-06-30 02:27 . 2012-07-26 06:53 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-26 20:53 . 2014-06-18 16:11 703968 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-26 20:53 . 2014-06-18 16:11 105440 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-12 20:20 . 2014-02-25 22:16 54880 ----a-w- c:\windows\system32\drivers\klwfp.sys
2014-06-12 20:20 . 2014-06-12 19:49 94304 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-06-06 10:47 . 2014-06-06 10:47 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2014-05-03 04:06 . 2014-06-14 16:58 2800128 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-29 22:31 . 2014-06-14 17:02 1075712 ----a-w- c:\windows\system32\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-10-10 447192]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-9 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 klelam;klelam;c:\windows\system32\DRIVERS\klelam.sys [2014-02-25 24672]
R2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect+\bin\MonServiceUDisk.exe [2011-10-31 512000]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2011-10-27 105472]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys [2014-06-12 94304]
S1 {fa53d675-4680-455e-ac21-6ef151942a45}Gw;{fa53d675-4680-455e-ac21-6ef151942a45}Gw;c:\windows\system32\drivers\{fa53d675-4680-455e-ac21-6ef151942a45}Gw.sys [2014-07-21 52816]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 klwfp;klwfp;c:\windows\system32\DRIVERS\klwfp.sys [2014-06-12 54880]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-02-25 144992]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2014-07-10 1678040]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2014-07-10 174936]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2013-10-28 144600]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2014-07-10 34616]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-02-25 25184]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2014-02-25 25696]
S3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk63x86.sys [2012-07-25 238080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 09:36 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12 04:34]
.
2014-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-18 09:35]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-18 09:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 113.193.12.14 113.193.1.14
FF - ProfilePath - c:\users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\
FF - ExtSQL: 2014-06-13 00:56; {930f1200-f5f1-4870-bac6-e233ec8e7023}; c:\users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
FF - ExtSQL: 2014-06-13 01:50; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-06-13 01:51; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-06-13 01:51; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-06-13 01:51; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-06-13 01:51; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-07-26  08:44:03
ComboFix-quarantined-files.txt  2014-07-26 03:14
.
Pre-Run: 75,973,316,608 bytes free
Post-Run: 75,759,407,104 bytes free
.
- - End Of File - - 6CCF72679DE39F1909324C4A407FF078
A36C5E4F47E84449FF07ED3517B43A31
 
Thank you for your valuable time.

#11
Hari Prahlad

    Member

  • Topic Starter
  • Member
  • 301 posts

I am unable to use Internet Explorer.  I get popup messages about objects, property, and method.  Kindly advise what I should do and how I should go about doing it.  
 
I contacted Naathim in the Browsers Forum and this is what he had to say:
 
"Please inform emeraldnzl about your situation and the issues with IE as it may be related. Come here only after finishing work there, if you will be given all clear and the problem will persist.
 
Cheers,
Naat"
 
Hope you can guide me regarding this too, emeraldnzl.

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Hari Prahlad,

"I am unable to use Internet Explorer.  I get popup messages about objects, property, and method."

Three things:

Firstly - removing malware is most often a multi step process. It's not a good idea to use the internet while we are trying to clean your machine. If the active malicious file hasn't been removed you only reinfect the computer.

Second - see how your IE browser is after the next fix. If you are still having problems, try rebooting your computer and see whether IE is still not responding. ComboFix disconnects from the internet to stop interference while it is working; sometimes another reboot is required to get things working properly afterwards.

Thirdly - it is not a good idea to get advice from another helper while you are working already with one. There may be conflicting advice that makes the computer worse. Having said that, Naat is a very good anti-malware fighter as well as knowing about technical issues. If at any stage you wish to change helper let me know. :)

Moving on

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quote box below into it:
 

KillAll::

Driver::
{fa53d675-4680-455e-ac21-6ef151942a45}Gw

File::
c:\windows\system32\drivers\{fa53d675-4680-455e-ac21-6ef151942a45}Gw.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

 


#13
Hari Prahlad

    Member

  • Topic Starter
  • Member
  • 301 posts

My apologies, emeraldnzl.  I had posted separately on the browser forum thinking that both issues were not connected.  I did not try to change helpers at all.  Again, I'm sorry I did something dumb.

 

I will follow your instructions in the above post and apologies for the late reply.


#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Look forward to seeing the ComboFix.txt :)


#15
Hari Prahlad

    Member

  • Topic Starter
  • Member
  • 301 posts

Hi emeraldnzl,

 

Here is the ComboFix log file:--

 

ComboFix 14-07-25.01 - Sarojini 07/29/2014   9:44.3.2 - x86
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.2009.1212 [GMT 5.5:30]
Running from: c:\users\user-pc\Desktop\ComboFix.exe
Command switches used :: c:\users\user-pc\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\{fa53d675-4680-455e-ac21-6ef151942a45}Gw.sys"
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-28 to 2014-07-29  )))))))))))))))))))))))))))))))
.
.
2014-07-29 04:19 . 2014-07-29 04:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-29 04:07 . 2014-07-29 04:21 -------- d-----w- c:\users\user-pc\AppData\Local\temp
2014-07-25 04:38 . 2014-07-25 04:41 -------- d-----w- C:\FRST
2014-07-24 06:04 . 2014-07-24 06:06 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-24 06:03 . 2014-07-24 06:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-24 06:03 . 2014-07-24 06:03 -------- d-----w- c:\programdata\Malwarebytes
2014-07-24 06:03 . 2014-05-12 01:56 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-24 06:03 . 2014-05-12 01:55 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-24 06:03 . 2014-05-12 01:55 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-24 06:03 . 2014-07-24 06:03 -------- d-----w- c:\users\user-pc\AppData\Local\Programs
2014-07-24 05:54 . 2010-08-30 03:04 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-24 05:53 . 2014-07-25 04:33 -------- d-----w- C:\AdwCleaner
2014-07-24 05:45 . 2014-07-24 05:45 -------- d-----w- C:\_OTL
2014-07-15 03:23 . 2014-07-15 03:23 -------- d-----w- c:\program files\Enigma Software Group
2014-07-15 03:20 . 2014-07-15 03:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-07-15 02:51 . 2014-06-06 06:55 65536 ----a-w- c:\program files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
2014-07-15 02:51 . 2014-06-06 04:39 46704 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2014-07-15 02:51 . 2014-06-06 04:38 93808 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2014-07-15 02:51 . 2014-06-06 04:38 170960 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2014-07-15 02:51 . 2014-06-06 04:38 28272 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2014-07-15 02:51 . 2014-06-06 04:38 822384 ----a-w- c:\program files\Mozilla Firefox\icuuc52.dll
2014-07-15 02:51 . 2014-06-06 04:38 1022576 ----a-w- c:\program files\Mozilla Firefox\icuin52.dll
2014-07-15 02:51 . 2014-06-06 04:38 10594416 ----a-w- c:\program files\Mozilla Firefox\icudt52.dll
2014-07-15 02:51 . 2010-03-18 16:15 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2014-07-15 02:51 . 2010-03-18 16:15 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2014-07-15 02:51 . 2014-06-06 04:38 75376 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2014-07-14 09:39 . 2014-07-15 12:16 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-07-14 09:39 . 2014-06-06 04:38 142960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2014-07-14 09:39 . 2014-06-06 04:38 19056 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2014-07-14 09:39 . 2014-06-06 04:38 198224 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2014-07-14 09:39 . 2014-06-06 04:38 119408 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2014-07-14 09:39 . 2014-06-06 04:38 647280 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2014-07-14 09:39 . 2014-06-06 04:38 53360 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2014-07-14 09:39 . 2014-06-06 04:38 4855920 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2014-07-14 09:39 . 2010-05-26 18:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2014-07-14 09:39 . 2014-06-06 04:38 3852912 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2014-07-10 05:46 . 2014-07-10 05:46 -------- d-----w- c:\users\user-pc\AppData\Local\Broadcom
2014-07-10 05:38 . 2014-07-10 05:37 1678040 ----a-w- c:\windows\system32\BtwRSupportService.exe
2014-07-10 05:38 . 2014-07-10 05:37 34616 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2014-07-10 05:38 . 2014-07-10 05:37 31448 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2014-07-10 05:38 . 2014-07-10 05:37 191192 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2014-07-10 05:38 . 2014-07-10 05:37 174936 ----a-w- c:\windows\system32\drivers\bcbtums.sys
2014-07-10 05:38 . 2014-07-10 05:37 157912 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2014-07-10 05:37 . 2014-07-10 05:37 -------- d-----w- c:\program files\WIDCOMM
2014-07-02 04:03 . 2014-07-02 04:03 -------- d-----w- c:\users\user-pc\AppData\Roaming\AVG
2014-07-02 04:03 . 2014-07-02 04:03 -------- d-----w- c:\users\user-pc\AppData\Local\AVG
2014-07-02 04:02 . 2014-07-02 05:22 -------- d-----w- c:\programdata\AVG
2014-07-02 04:02 . 2014-07-02 04:02 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-02 04:02 . 2014-07-02 04:02 -------- d--h--w- c:\programdata\Common Files
2014-07-02 04:01 . 2014-07-02 08:43 -------- d-----w- c:\users\user-pc\AppData\Roaming\Youtube Downloader HD
2014-07-02 04:01 . 2014-07-24 06:45 -------- d-----w- c:\program files\Youtube Downloader HD
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-23 04:30 . 2014-06-17 16:24 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-06-30 02:27 . 2012-07-26 06:53 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-26 20:53 . 2014-06-18 16:11 703968 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-26 20:53 . 2014-06-18 16:11 105440 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-12 20:20 . 2014-02-25 22:16 54880 ----a-w- c:\windows\system32\drivers\klwfp.sys
2014-06-12 20:20 . 2014-06-12 19:49 94304 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-06-06 10:47 . 2014-06-06 10:47 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2014-05-03 04:06 . 2014-06-14 16:58 2800128 ----a-w- c:\windows\system32\rdpcorets.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-10-10 447192]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-9 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 klelam;klelam;c:\windows\system32\DRIVERS\klelam.sys [2014-02-25 24672]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2011-10-27 105472]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys [2014-06-12 94304]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
S1 klwfp;klwfp;c:\windows\system32\DRIVERS\klwfp.sys [2014-06-12 54880]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2014-02-25 144992]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2014-07-10 1678040]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect+\bin\MonServiceUDisk.exe [2011-10-31 512000]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2014-07-10 174936]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2013-10-28 144600]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2014-07-10 34616]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2014-02-25 25184]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2014-02-25 25696]
S3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk63x86.sys [2012-07-25 238080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 09:36 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12 04:34]
.
2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-18 09:35]
.
2014-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-18 09:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 113.193.12.14 113.193.1.14
FF - ProfilePath - c:\users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\
FF - ExtSQL: 2014-06-13 00:56; {930f1200-f5f1-4870-bac6-e233ec8e7023}; c:\users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\1qmvxihn.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
FF - ExtSQL: 2014-06-13 01:50; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-06-13 01:51; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-06-13 01:51; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-06-13 01:51; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-06-13 01:51; [email protected]; c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7592)
c:\progra~1\MICROS~1\Office12\GrooveUtil.DLL
c:\progra~1\MICROS~1\Office12\GrooveNew.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhostex.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
c:\program files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe\LiveComm.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\System32\RuntimeBroker.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2014-07-29  09:55:10 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-29 04:25
ComboFix2.txt  2014-07-29 04:06
ComboFix3.txt  2014-07-26 03:14
.
Pre-Run: 75,071,750,144 bytes free
Post-Run: 75,046,256,640 bytes free
.
- - End Of File - - 0CEB52D0F338CE43AD515E468AAD7493
A36C5E4F47E84449FF07ED3517B43A31

Thanks again.

  • 0
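An added example, not code from this thread, from the helper, or from ComboFix itself: a small Python triage script that parses the service/driver lines (the `R0`/`R3`/`S1`/`S2` entries) and the `FILE ::` block of a ComboFix log like the one above. ComboFix's convention is that the leading letter is R for running or S for stopped, the digit is the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and `[x]` in place of the date and size marks a file it could not find on disk. The sample lines are copied from the log above into a constructed string; the two triage heuristics (a service whose binary is missing, and a driver whose file name is a bare GUID) are this example's assumptions about what is worth a second look, not findings stated by the helper.

```python
"""Triage the service/driver section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
FILE ::
"c:\windows\system32\drivers\{fa53d675-4680-455e-ac21-6ef151942a45}Gw.sys"
.
R0 klelam;klelam;c:\windows\system32\DRIVERS\klelam.sys [2014-02-25 24672]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [2011-10-27 105472]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect+\bin\MonServiceUDisk.exe [2011-10-31 512000]
"""

# ComboFix convention: first letter R = running / S = stopped, digit = Windows start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# <state><start> <name>;<display name>;<path> [<date size> | x]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+)\s\[([^\]]*)\]\s*$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)


@dataclass
class Service:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    meta: str  # "YYYY-MM-DD size", or "x" when ComboFix could not find the file

    @property
    def binary_missing(self) -> bool:
        return self.meta.strip() == "x"


def parse_services(text: str) -> list[Service]:
    """Return every service/driver line in the log, in order."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        out.append(Service(name, display, path, state == "R",
                           START_TYPES.get(start, "unknown"), meta))
    return out


def parse_file_section(text: str) -> list[str]:
    """Paths listed under 'FILE ::' (the CFScript targets), up to the next '.' line."""
    paths, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "FILE ::":
            in_section = True
            continue
        if in_section:
            if line == ".":
                break
            paths.append(line.strip('"'))
    return paths


def is_guid_named(path: str) -> bool:
    """Heuristic (assumption): a driver whose file name is a bare GUID has no vendor name to verify."""
    return GUID_RE.search(path.rsplit("\\", 1)[-1]) is not None


def triage(text: str) -> list[str]:
    """Apply the two heuristics and return human-readable findings."""
    findings = []
    for svc in parse_services(text):
        if svc.binary_missing:
            findings.append(f"orphan service {svc.name}: binary missing at {svc.path}")
        if is_guid_named(svc.path):
            findings.append(f"GUID-named driver for service {svc.name}: {svc.path}")
    for path in parse_file_section(text):
        if is_guid_named(path):
            findings.append(f"GUID-named file targeted by script: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports two items: the SpyHunter `esgiguard` service whose `.sys` is gone (the program folder is still listed under "Files Created", so the service entry outlived the uninstall) and the GUID-named driver the CFScript targeted. Neither finding is a verdict on its own; the point is to pull the lines worth a human's attention out of a long log.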





