Hi,
My Avast keeps on notifying me with the tag URL:MAL.
This happens even when both Firefox and Chrome are not running.
I ran a scan with FRST and it gave the following log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Kapil (administrator) on KAPIL-LAPTOP on 04-08-2014 22:31:11
Running from C:\Users\Kapil\Desktop\New folder (4)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Facebook Inc.) C:\Users\Kapil\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
() C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-04] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1274840 2013-12-24] ()
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-06-23] (IObit)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Facebook Update] => C:\Users\Kapil\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-05] (Facebook Inc.)
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [GoogleChromeAutoLaunch_B7441394D1253E362664A5E81D9C6B4B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Google Update] => "C:\Users\Kapil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [BlackBerryLink.exe] => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [SearchProtection] => "C:\Users\Kapil\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Run: [Browser Extensions] => "C:\Users\Kapil\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\MountPoints2: {0cb84240-f66b-11e3-bec4-a8e3eee727dc} - "D:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2386906494-3172876625-2459396632-1001\...\MountPoints2: {1a0b56cb-39b2-11e3-be8e-2016d8eca69e} - "D:\laucher.exe"
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2014-07-04] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.ya...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.ya...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...t&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {5FD353DA-920A-402A-A545-75F860B29945} URL = http://www.bing.com/...E10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {5FD353DA-920A-402A-A545-75F860B29945} URL = http://www.bing.com/...E10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKCU - {5FD353DA-920A-402A-A545-75F860B29945} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKCU - {9F9AEAF9-0FD2-4668-B312-4D6DAE9B99BC} URL = http://uk.search.yah...p={searchTerms}
SearchScopes: HKCU - {F4DB8FCB-B603-45FC-86CA-17728C232EAA} URL = https://uk.search.ya...p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.google.co.uk
FF Keyword.URL: https://uk.search.ya...&type=800236&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Kapil\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kapil\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kapil\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kapil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\searchplugins\yahoo_ff.xml
FF Extension: Ads Removal - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF Extension: Slick Savings - C:\Users\Kapil\AppData\Roaming\Mozilla\Firefox\Profiles\on6baj6b.default\Extensions\[email protected] [2014-08-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-25]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: https://uk.search.ya...p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-22]
CHR Extension: (Google Drive) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-22]
CHR Extension: (YouTube) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-22]
CHR Extension: (Adblock Plus) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-22]
CHR Extension: (Google Search) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-22]
CHR Extension: (save uon) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkikogkacicajhoiplaibfeiijlgjjh [2014-07-01]
CHR Extension: (Keep Me) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-07-01]
CHR Extension: (AdBlock) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-22]
CHR Extension: (avast! Online Security) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-01]
CHR Extension: (Truck Wars) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgalpinpdaaldlkloajaaiiahmfomk [2013-11-22]
CHR Extension: (World Weather) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefnaahehlimdapgicdacbgklnedgoje [2013-11-22]
CHR Extension: (Cargo Bridge) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2013-11-22]
CHR Extension: (Little Alchemy) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-11-22]
CHR Extension: (Traffic Talent) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgegdofhghiobhllaniipmplkbligpi [2013-11-22]
CHR Extension: (Top Eleven) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2013-11-22]
CHR Extension: (Google I/O: input/output) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmphclbekipaojhpbkbofoioffecilh [2013-11-22]
CHR Extension: (Hangouts) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR Extension: (Burger Shop 2) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiahdjilmlekhacfggeipddaklcbiljf [2013-11-22]
CHR Extension: (Gmail) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-22]
CHR Extension: (save uon) - C:\Users\Kapil\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkikogkacicajhoiplaibfeiijlgjjh\2.14 [2014-07-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-07-10] (Trusteer Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-01] ()
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 RapportCerberus_69875; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [631128 2014-08-01] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-07-10] (Trusteer Ltd.)
S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288440 2014-07-10] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-07-10] (Trusteer Ltd.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-07-10] (Trusteer Ltd.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-01] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-04 22:18 - 2014-08-04 22:31 - 00000000 ____D () C:\FRST
2014-08-04 22:17 - 2014-08-04 22:31 - 00000000 ____D () C:\Users\Kapil\Desktop\New folder (4)
2014-08-04 22:02 - 2014-08-04 22:03 - 01016261 _____ (Thisisu) C:\Users\Kapil\Downloads\JRT.exe
2014-08-04 22:02 - 2014-08-04 22:02 - 01361309 _____ () C:\Users\Kapil\Downloads\AdwCleaner.exe
2014-08-02 01:22 - 2014-08-04 22:11 - 00000000 ____D () C:\ProgramData\IObit
2014-08-02 01:22 - 2014-08-02 01:22 - 00001164 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-08-02 01:22 - 2014-08-02 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-08-02 01:21 - 2014-08-02 01:21 - 00000000 ____D () C:\Users\Kapil\AppData\Roaming\IObit
2014-08-02 01:21 - 2014-08-02 01:21 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-02 01:20 - 2014-08-02 01:20 - 26163624 _____ (IObit ) C:\Users\Kapil\Downloads\IObit-Malware-Figher-Setup.exe
2014-08-01 23:55 - 2014-08-01 23:55 - 00000000 _____ () C:\Recovery.txt
2014-08-01 23:15 - 2014-08-01 23:15 - 01707144 _____ () C:\Users\Kapil\Downloads\Adaware_Installer.exe
2014-08-01 23:15 - 2014-08-01 23:15 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-01 22:40 - 2014-08-01 22:40 - 00029160 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-08-01 22:40 - 2014-08-01 22:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-01 22:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-01 22:39 - 2014-08-01 22:39 - 04806744 _____ () C:\Users\Kapil\Downloads\RogueKiller(1).exe
2014-08-01 22:39 - 2014-08-01 22:39 - 01361309 _____ () C:\Users\Kapil\Downloads\adwcleaner_3.302.exe
2014-08-01 22:38 - 2014-08-01 22:38 - 00854390 _____ () C:\Users\Kapil\Downloads\SecurityCheck.exe
2014-08-01 22:25 - 2014-08-01 22:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Kapil\Downloads\tdskiller.exe
2014-08-01 22:25 - 2014-08-01 22:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kapil\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 22:25 - 2014-08-01 22:25 - 04806744 _____ () C:\Users\Kapil\Downloads\RogueKiller.exe
2014-08-01 22:24 - 2014-08-01 22:25 - 00001205 _____ () C:\Users\Kapil\Downloads\FixNCR.reg
2014-08-01 21:59 - 2014-08-01 21:59 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-08-01 21:59 - 2014-08-01 21:59 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 21:59 - 2014-08-01 21:59 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-28 01:07 - 2014-07-28 01:07 - 00000000 ____D () C:\Users\Kapil\Downloads\TNA Impact Wrestling HDTV 2014-07-24 720p H264 AVCHD-SC-SDH
2014-07-28 01:07 - 2014-07-28 01:07 - 00000000 ____D () C:\Users\Kapil\Downloads\TNA Impact Wrestling 2014 07 24 HDTV x264 DX-TV -={SPARROW}=-
2014-07-23 21:40 - 2014-07-23 21:40 - 06098848 _____ (EaseUS ) C:\Users\Kapil\Downloads\drw_trial.exe
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.0
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-07-22 21:38 - 2014-07-22 21:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-11 03:28 - 2014-07-11 03:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 21:59 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 21:23 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 21:23 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 21:23 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 21:23 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 21:23 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 21:23 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 21:23 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 21:23 - 2014-06-19 00:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 21:23 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 21:23 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 21:23 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 21:23 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 21:23 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 21:23 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 21:23 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 21:23 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 21:23 - 2014-06-18 23:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 21:23 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 21:23 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 21:23 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 21:23 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 21:23 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 21:23 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 21:23 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 21:23 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 21:23 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 21:23 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 21:23 - 2014-06-16 23:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 21:23 - 2014-06-16 23:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 21:23 - 2014-06-06 15:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 21:23 - 2014-05-30 04:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 21:23 - 2014-05-29 13:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 21:23 - 2014-05-29 08:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 21:23 - 2014-05-29 07:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 21:23 - 2014-05-29 07:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 21:23 - 2014-05-29 06:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 21:23 - 2014-05-29 06:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 21:22 - 2014-06-30 23:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-10 21:22 - 2014-06-28 08:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-10 21:22 - 2014-06-28 08:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-10 21:22 - 2014-06-06 14:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 21:22 - 2014-06-06 13:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 21:22 - 2014-05-31 11:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 21:22 - 2014-05-31 11:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 21:22 - 2014-05-31 04:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 21:22 - 2014-05-31 04:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 21:22 - 2014-05-31 04:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 21:22 - 2014-05-31 04:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 21:22 - 2014-05-31 04:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 21:22 - 2014-05-31 04:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 21:22 - 2014-05-31 03:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 21:22 - 2014-05-31 03:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 21:22 - 2014-05-31 03:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 21:22 - 2014-05-31 03:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 21:22 - 2014-05-31 03:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 21:22 - 2014-05-31 03:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 21:22 - 2014-05-31 03:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 21:17 - 2014-07-10 21:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-06 20:31 - 2014-07-06 20:31 - 00000000 ____D () C:\Users\Kapil\Downloads\Zlatan Ibrahimovic, I am Zlatan epub [dovah]
2014-07-06 20:07 - 2014-07-06 20:07 - 00000000 ____D () C:\Users\Kapil\Downloads\I Think Therefore I Play by Andrea Pirlo
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-04 22:31 - 2014-08-04 22:18 - 00000000 ____D () C:\FRST
2014-08-04 22:31 - 2014-08-04 22:17 - 00000000 ____D () C:\Users\Kapil\Desktop\New folder (4)
2014-08-04 22:26 - 2014-01-15 16:29 - 02059919 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 22:26 - 2013-11-24 07:14 - 00000000 ____D () C:\Users\Kapil\AppData\Roaming\Skype
2014-08-04 22:22 - 2013-11-22 23:16 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-04 22:22 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-04 22:16 - 2014-01-17 17:00 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E9920FAA-8CA4-4057-9759-F44F65954C94}
2014-08-04 22:11 - 2014-08-02 01:22 - 00000000 ____D () C:\ProgramData\IObit
2014-08-04 22:09 - 2013-11-14 05:34 - 00109488 _____ () C:\WINDOWS\PFRO.log
2014-08-04 22:08 - 2013-10-19 21:06 - 00000000 ____D () C:\AdwCleaner
2014-08-04 22:07 - 2013-12-15 22:32 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2386906494-3172876625-2459396632-1001UA.job
2014-08-04 22:03 - 2014-08-04 22:02 - 01016261 _____ (Thisisu) C:\Users\Kapil\Downloads\JRT.exe
2014-08-04 22:02 - 2014-08-04 22:02 - 01361309 _____ () C:\Users\Kapil\Downloads\AdwCleaner.exe
2014-08-04 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-04 22:02 - 2013-07-25 21:20 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-04 22:00 - 2014-07-04 17:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 22:00 - 2013-11-14 13:45 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-04 21:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-02 02:57 - 2013-11-22 23:16 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 02:05 - 2013-07-25 20:47 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2386906494-3172876625-2459396632-1001
2014-08-02 01:22 - 2014-08-02 01:22 - 00001164 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-08-02 01:22 - 2014-08-02 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-08-02 01:21 - 2014-08-02 01:21 - 00000000 ____D () C:\Users\Kapil\AppData\Roaming\IObit
2014-08-02 01:21 - 2014-08-02 01:21 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-02 01:20 - 2014-08-02 01:20 - 26163624 _____ (IObit ) C:\Users\Kapil\Downloads\IObit-Malware-Figher-Setup.exe
2014-08-02 00:52 - 2013-11-05 19:47 - 00000954 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2386906494-3172876625-2459396632-1001UA.job
2014-08-01 23:55 - 2014-08-01 23:55 - 00000000 _____ () C:\Recovery.txt
2014-08-01 23:15 - 2014-08-01 23:15 - 01707144 _____ () C:\Users\Kapil\Downloads\Adaware_Installer.exe
2014-08-01 23:15 - 2014-08-01 23:15 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-01 22:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-01 22:44 - 2013-10-10 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-08-01 22:42 - 2013-07-25 20:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 22:40 - 2014-08-01 22:40 - 00029160 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-08-01 22:40 - 2014-08-01 22:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-01 22:39 - 2014-08-01 22:39 - 04806744 _____ () C:\Users\Kapil\Downloads\RogueKiller(1).exe
2014-08-01 22:39 - 2014-08-01 22:39 - 01361309 _____ () C:\Users\Kapil\Downloads\adwcleaner_3.302.exe
2014-08-01 22:38 - 2014-08-01 22:38 - 00854390 _____ () C:\Users\Kapil\Downloads\SecurityCheck.exe
2014-08-01 22:33 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-01 22:26 - 2014-08-01 22:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Kapil\Downloads\tdskiller.exe
2014-08-01 22:25 - 2014-08-01 22:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kapil\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 22:25 - 2014-08-01 22:25 - 04806744 _____ () C:\Users\Kapil\Downloads\RogueKiller.exe
2014-08-01 22:25 - 2014-08-01 22:24 - 00001205 _____ () C:\Users\Kapil\Downloads\FixNCR.reg
2014-08-01 21:59 - 2014-08-01 21:59 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-08-01 21:59 - 2014-08-01 21:59 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-08-01 21:59 - 2014-08-01 21:59 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-08-01 21:59 - 2013-07-25 21:00 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-08-01 21:59 - 2013-07-25 21:00 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-08-01 21:59 - 2013-07-25 21:00 - 00001993 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-28 19:07 - 2013-12-15 22:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2386906494-3172876625-2459396632-1001Core.job
2014-07-28 02:40 - 2013-12-21 19:08 - 00000000 ____D () C:\Program Files\PeerBlock
2014-07-28 01:11 - 2013-08-08 22:37 - 00000000 ____D () C:\Users\Kapil\AppData\Roaming\uTorrent
2014-07-28 01:07 - 2014-07-28 01:07 - 00000000 ____D () C:\Users\Kapil\Downloads\TNA Impact Wrestling HDTV 2014-07-24 720p H264 AVCHD-SC-SDH
2014-07-28 01:07 - 2014-07-28 01:07 - 00000000 ____D () C:\Users\Kapil\Downloads\TNA Impact Wrestling 2014 07 24 HDTV x264 DX-TV -={SPARROW}=-
2014-07-23 22:00 - 2013-08-22 15:46 - 00309192 _____ () C:\WINDOWS\setupact.log
2014-07-23 21:40 - 2014-07-23 21:40 - 06098848 _____ (EaseUS ) C:\Users\Kapil\Downloads\drw_trial.exe
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.0
2014-07-23 21:40 - 2014-07-23 21:40 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-07-22 21:38 - 2014-07-22 21:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 21:16 - 2013-08-14 00:21 - 00000000 ___HD () C:\Users\Kapil\Documents\333
2014-07-17 18:52 - 2013-11-05 19:47 - 00000932 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2386906494-3172876625-2459396632-1001Core.job
2014-07-11 22:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-11 19:35 - 2013-08-22 15:44 - 00473432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 03:28 - 2014-07-11 03:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-11 03:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 03:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 03:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 03:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 22:03 - 2013-08-12 20:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 22:03 - 2013-08-08 03:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 22:03 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 22:01 - 2013-07-28 19:30 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-07-10 21:59 - 2013-11-14 13:29 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 21:17 - 2014-07-10 21:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-10 19:23 - 2013-07-28 19:35 - 00358616 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2014-07-10 19:23 - 2013-07-28 19:35 - 00288440 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2014-07-08 19:03 - 2013-07-25 21:20 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-06 20:31 - 2014-07-06 20:31 - 00000000 ____D () C:\Users\Kapil\Downloads\Zlatan Ibrahimovic, I am Zlatan epub [dovah]
2014-07-06 20:07 - 2014-07-06 20:07 - 00000000 ____D () C:\Users\Kapil\Downloads\I Think Therefore I Play by Andrea Pirlo
Some content of TEMP:
====================
C:\Users\Kapil\AppData\Local\Temp\Quarantine.exe
C:\Users\Kapil\AppData\Local\Temp\Risweb32.exe
C:\Users\Kapil\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Kapil\AppData\Local\Temp\Tsu49390E26.dll
C:\Users\Kapil\AppData\Local\Temp\_is81BF.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-02 00:30
==================== End Of Log ============================
I've tried almost everything I know.