Deadly Malware Attack [Closed]


  • This topic is locked

#1
Srikanth S

    New Member

  • Member
  • 3 posts

Hi,

I am Srikanth.

I am using Windows 7 Ultimate and the PANDA 2012 and Malwarebytes Anti-Malware anti-virus tools. For the past few days a process called "avengine.exe" starts all of a sudden and occupies 100% CPU. During this period the system freezes. The system is unable even to execute the CTRL + ALT + DEL keys. The only way out is to press the force-restart button. The process starts at random and requires a system restart. When a scan is done with PANDA, it reports 6 locations where the virus is getting created. After quarantining them, the virus is again getting created from the same locations. Malwarebytes could not detect any malware. I have executed the OTL anti-virus tool and the attachment contains the log generated by it. Please help me get rid of this deadly virus / malware.

Thank you

Srikanth S

Attached Files

  • OTL.Txt   1.1MB   75 downloads


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hi there, your Firefox is heavily infected, so I will run in a different order than normal.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
Srikanth S

    New Member

  • Topic Starter
  • Member
  • 3 posts

Hi, thank you for the quick reply.
I am still facing the problem and I have scanned with the AdwCleaner & FRST tools suggested by you. The attachment contains the log files. Please go through them and advise me on a course of action to remove this deadly recurring virus.

Thank you
Srikanth S

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by admin (administrator) on STARNET on 20-02-2015 16:23:17
Running from C:\
Loaded Profiles: admin (Available profiles: admin)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\psksvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\WebProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\ApVxdWin.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Speedbit Ltd.) C:\Program Files\DAP\DAP.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc) C:\Program Files\Google\Google Input Tools\GoogleInputService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Google Input Tools\GoogleInputHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrlS.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe
(Panda Security, S.L.) C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\AVENGINE.EXE
(Panda Security International) C:\Program Files\Panda Security\Panda Global Protection 2012\FIREWALL\PSHost.exe
(Panda Security S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\SrvLoad.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\PavBckPT.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Panda Security S.L.) C:\Program Files\Panda Security\Panda Global Protection 2012\avciman.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6336216 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [APVXDWIN] => C:\Program Files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE [1000768 2011-04-13] (Panda Security, S.L.)
HKLM\...\Run: [SCANINICIO] => C:\Program Files\Panda Security\Panda Global Protection 2012\Inicio.exe [70464 2011-02-02] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\avldr: C:\Windows\SYSTEM32\avldr.dll (On-Access Anti-Malware Scanner Sync)
HKU\S-1-5-21-2014716590-1605404776-2240317387-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2014716590-1605404776-2240317387-1000\...\Run: [GUSDelayStartup] => C:\Program Files\Glarysoft\Quick Startup\StartupManager.exe [37152 2014-10-28] (Glarysoft Ltd)
HKU\S-1-5-21-2014716590-1605404776-2240317387-1000\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [4242064 2014-11-01] (Speedbit Ltd.)
HKU\S-1-5-21-2014716590-1605404776-2240317387-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2014716590-1605404776-2240317387-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2014716590-1605404776-2240317387-1000\...\Policies\Explorer: []
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56269;https=127.0.0.1:56269
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2014716590-1605404776-2240317387-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.in/
HKU\S-1-5-21-2014716590-1605404776-2240317387-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2014716590-1605404776-2240317387-1000 -> {022DAB70-8BF0-4260-A0F6-497C9ACD2727} URL = https://in.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2014716590-1605404776-2240317387-1000 -> {9FAA0885-368E-496D-ADE2-A031DFC6A572} URL = https://in.search.ya...p={SearchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2014716590-1605404776-2240317387-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0D10250A-45A1-4EE4-B82C-6208494131BE}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3iouwe66.default
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: https://www.google.co.in/
FF Keyword.URL: https://in.search.ya...IN0D20141112&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: copylinkurlbluelightdevcom - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3iouwe66.default\Extensions\[email protected] [2015-02-03]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3iouwe66.default\Extensions\[email protected] [2014-11-04]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3iouwe66.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-11-17]
FF Extension: Download YouTube Videos as MP4 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3iouwe66.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-11-04]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2014-11-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Aimersoft\Video Converter Ultimate\[email protected]
FF HKU\S-1-5-21-2014716590-1605404776-2240317387-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2014-11-01]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-31]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (fdpohaocaechififmbbbbbknoalclacl) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-02-03]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2015-02-17]
CHR Extension: (New Tab Aid) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncebfkpboiagfoihpgjknfkkkpaphjk [2014-12-14]
CHR Extension: (Skype Click to Call) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx [2014-11-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-01-29] (Intel Corporation)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2014-12-22] (Flexera Software LLC)
R2 GoogleInputService; C:\Program Files\Google\Google Input Tools\GoogleInputService.exe [164888 2014-11-13] (Google Inc)
R3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 Panda Software Controller; C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrls.exe [173312 2009-08-10] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe [202016 2012-10-17] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe [314176 2010-06-04] (Panda Security, S.L.)
R2 PSHost; c:\program files\panda security\panda global protection 2012\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
R2 PSIMSVC; C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files\Panda Security\Panda Global Protection 2012\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
R2 TPSrv; C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe [156960 2012-11-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AmFSM; C:\Windows\System32\DRIVERS\amm8660.sys [54344 2010-05-21] (Panda Security, S.L.)
R2 APPFLT; C:\Windows\system32\Drivers\APPFLT.SYS [83528 2011-01-31] (Panda Security, S.L.)
R2 ComFiltr; C:\Windows\system32\DRIVERS\COMFiltr.sys [13880 2015-02-08] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-10-12] (Samsung Electronics Co., Ltd.) [File not signed]
R2 DSAFLT; C:\Windows\system32\Drivers\DSAFLT.SYS [53256 2009-09-25] (Panda Security, S.L.)
R2 FNETMON; C:\Windows\system32\Drivers\fnetmon.SYS [22024 2009-09-25] (Panda Security, S.L.)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [17472 2014-12-21] (Glarysoft Ltd)
R2 IDSFLT; C:\Windows\system32\Drivers\IDSFLT.SYS [193864 2010-09-09] (Panda Security, S.L.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R2 NETFLTDI; C:\Windows\system32\Drivers\NETFLTDI.SYS [159112 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\neti1644.sys [201032 2010-09-01] (Panda Security, S.L.)
R0 pavboot; C:\Windows\System32\Drivers\pavboot.sys [26696 2010-06-22] (Panda Security, S.L.)
R2 PavProc; C:\Windows\system32\DRIVERS\PavProc.sys [163848 2010-05-06] (Panda Security, S.L.)
R1 ShldDrv; C:\Windows\System32\DRIVERS\ShlDrv51.sys [37448 2011-02-21] (Panda Security, S.L.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-10] (Samsung Electronics) [File not signed]
R2 WNMFLT; C:\Windows\system32\Drivers\WNMFLT.SYS [46856 2009-09-25] (Panda Security, S.L.)
R3 AvFlt; \SystemRoot\system32\drivers\av5flt.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
R3 PavSRK.sys; \??\C:\Windows\system32\PavSRK.sys [X]
R3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 16:23 - 2015-02-20 16:23 - 00019251 _____ () C:\FRST.txt
2015-02-20 16:22 - 2015-02-20 16:22 - 00000000 ____D () C:\FRST-OlderVersion
2015-02-18 16:21 - 2015-02-18 16:21 - 00448512 _____ (OldTimer Tools) C:\TFC.exe
2015-02-18 14:03 - 2015-02-18 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracking Cookies Removal Tool
2015-02-18 14:03 - 2015-02-18 14:03 - 00000000 ____D () C:\Program Files\Security Stronghold
2015-02-18 14:01 - 2015-02-18 14:02 - 01586248 _____ (Security Stronghold ) C:\Users\admin\Downloads\TrackingCookiesRemovalTool.exe
2015-02-17 16:44 - 2015-02-18 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-17 16:44 - 2015-02-17 16:44 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-17 16:44 - 2015-02-17 16:43 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-17 16:43 - 2015-02-17 16:43 - 00000000 ____D () C:\Program Files\Java
2015-02-17 16:40 - 2015-02-17 16:40 - 00000000 ____D () C:\Windows\Sun
2015-02-17 16:38 - 2015-02-17 16:38 - 00000000 ____D () C:\ProgramData\Sun
2015-02-17 16:37 - 2015-02-17 16:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-17 14:49 - 2015-02-17 14:50 - 00024779 _____ () C:\Addition.txt
2015-02-17 12:18 - 2015-02-17 12:19 - 00036182 _____ () C:\assambirthcert.php.dap
2015-02-17 12:08 - 2015-02-20 16:23 - 00000000 ____D () C:\FRST
2015-02-17 11:55 - 2015-02-20 16:22 - 01126400 _____ (Farbar) C:\FRST.exe
2015-02-17 11:53 - 2015-02-17 11:54 - 02112512 _____ () C:\AdwCleaner.exe
2015-02-16 20:08 - 2015-02-16 20:08 - 01153474 _____ () C:\OTL.Txt
2015-02-16 19:17 - 2015-02-16 19:17 - 00602112 _____ (OldTimer Tools) C:\OTL.exe
2015-02-12 18:13 - 2015-02-12 18:13 - 00000049 _____ () C:\Windows\NeroDigital.ini
2015-02-12 17:57 - 2015-02-12 18:00 - 24102168 _____ (DVDVideoSoft Ltd. ) C:\Users\admin\Downloads\FreeAVIVideoConverter.exe
2015-02-12 16:41 - 2015-02-12 16:41 - 00000000 ____D () C:\Users\admin\AppData\Local\Aiseesoft Studio
2015-02-12 16:11 - 2015-02-12 16:40 - 29844904 _____ (Aiseesoft Studio ) C:\Users\admin\Downloads\total-video-converter.exe
2015-02-12 15:50 - 2015-02-12 15:50 - 00000000 ____D () C:\Program Files\Apowersoft
2015-02-12 13:15 - 2015-02-12 13:19 - 18876168 _____ (APOWERSOFT LIMITED ) C:\Users\admin\Downloads\video-converter-studio.exe
2015-02-12 09:17 - 2015-02-18 17:02 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-02-11 17:35 - 2015-02-19 20:46 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2015-02-11 11:30 - 2015-02-18 17:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-11 11:30 - 2015-02-15 16:13 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-11 10:51 - 2015-02-11 10:48 - 01990720 _____ () C:\MGtools.exe
2015-02-11 10:51 - 2015-02-11 10:47 - 10288040 _____ (SurfRight B.V.) C:\HitmanPro.exe
2015-02-11 10:50 - 2015-02-11 10:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\tdsskiller.exe
2015-02-11 10:50 - 2015-02-11 10:41 - 15431256 _____ () C:\RogueKiller.exe
2015-02-10 14:08 - 2015-02-19 20:18 - 00000375 _____ () C:\Users\admin\Desktop\New Text Document.txt
2015-02-09 19:45 - 2015-02-17 12:01 - 00000000 ____D () C:\AdwCleaner
2015-02-09 19:39 - 2015-02-09 19:39 - 00005056 _____ () C:\Windows\system32\LavasoftTcpService.ini
2015-02-09 19:39 - 2015-02-09 19:39 - 00002752 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-09 19:39 - 2015-02-09 19:39 - 00000000 ____D () C:\Users\admin\AppData\Roaming\LavasoftStatistics
2015-02-09 19:39 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-02-08 13:43 - 2015-02-20 10:35 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg.bck
2015-02-08 13:43 - 2015-02-20 10:35 - 00000056 _____ () C:\Windows\system32\Drivers\etc\WnmFlt.cfg
2015-02-08 13:43 - 2015-02-20 10:35 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg.bck
2015-02-08 13:43 - 2015-02-20 10:35 - 00000056 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.cfg
2015-02-08 13:43 - 2015-02-19 21:22 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt.bck
2015-02-08 13:43 - 2015-02-19 21:22 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetLoc.wlt
2015-02-08 13:42 - 2015-02-20 10:35 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg.bck
2015-02-08 13:42 - 2015-02-20 10:35 - 00000252 _____ () C:\Windows\system32\Drivers\etc\IdsFlt.cfg
2015-02-08 13:41 - 2015-02-20 15:40 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg.bck
2015-02-08 13:41 - 2015-02-20 15:40 - 00000120 _____ () C:\Windows\system32\Drivers\etc\NetAdapt.cfg
2015-02-08 13:41 - 2015-02-20 10:35 - 00000072 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt.bck
2015-02-08 13:41 - 2015-02-20 10:35 - 00000072 _____ () C:\Windows\system32\Drivers\etc\NetAR.wlt
2015-02-08 13:41 - 2015-02-20 10:35 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg.bck
2015-02-08 13:41 - 2015-02-20 10:35 - 00000068 _____ () C:\Windows\system32\Drivers\etc\NetFlt.cfg
2015-02-08 13:32 - 2015-02-18 17:02 - 00000000 ____D () C:\Users\admin\AppData\Roaming\wnjvvsvc
2015-02-08 13:23 - 2015-02-08 13:23 - 00000000 ____D () C:\Users\admin\AppData\Local\Panda Security
2015-02-08 13:21 - 2015-02-20 16:23 - 00251496 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT.bck
2015-02-08 13:21 - 2015-02-20 16:23 - 00251496 _____ () C:\Windows\system32\Drivers\APPFCONT.DAT
2015-02-08 13:21 - 2015-02-20 10:35 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls.bck
2015-02-08 13:21 - 2015-02-20 10:35 - 00303044 _____ () C:\Windows\system32\Drivers\etc\DsaFlt.rls
2015-02-08 13:21 - 2015-02-20 10:35 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG.bck
2015-02-08 13:21 - 2015-02-20 10:35 - 00001132 _____ () C:\Windows\system32\Drivers\APPFLTR.CFG
2015-02-08 13:21 - 2015-02-08 13:21 - 00013880 _____ () C:\Windows\system32\Drivers\COMFiltr.sys
2015-02-08 13:21 - 2015-02-08 13:21 - 00000262 _____ () C:\Windows\system32\PavCPL.dat
2015-02-08 13:21 - 2011-01-31 16:41 - 00083528 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\APPFLT.SYS
2015-02-08 13:21 - 2010-09-09 16:23 - 00193864 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\idsflt.sys
2015-02-08 13:21 - 2009-09-25 14:54 - 00159112 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\NETFLTDI.SYS
2015-02-08 13:21 - 2009-09-25 14:54 - 00053256 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\dsaflt.sys
2015-02-08 13:21 - 2009-09-25 14:54 - 00046856 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\wnmflt.sys
2015-02-08 13:21 - 2009-09-25 14:54 - 00022024 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\fnetmon.sys
2015-02-08 13:20 - 2015-02-18 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2012
2015-02-08 13:20 - 2015-02-08 13:20 - 00000000 ____D () C:\Windows\system32\PAV
2015-02-08 13:20 - 2015-02-08 13:20 - 00000000 ____D () C:\Program Files\Common Files\Panda Security
2015-02-08 13:20 - 2012-11-16 15:38 - 00518432 _____ (Panda Security, S.L.) C:\Windows\system32\PavSHook.dll
2015-02-08 13:20 - 2012-05-17 19:12 - 00087328 _____ (Panda Security, S.L.) C:\Windows\system32\PavLspHook.dll
2015-02-08 13:20 - 2011-02-21 14:38 - 00037448 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\ShlDrv51.sys
2015-02-08 13:20 - 2010-09-01 11:09 - 00201032 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\neti1644.sys
2015-02-08 13:20 - 2010-06-22 18:13 - 00026696 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\pavboot.sys
2015-02-08 13:20 - 2010-06-21 17:02 - 00193344 _____ (Panda Security, S.L.) C:\Windows\system32\TpUtil.dll
2015-02-08 13:20 - 2010-06-21 17:01 - 00055616 _____ (Panda Security, S.L.) C:\Windows\system32\pavipc.dll
2015-02-08 13:20 - 2010-05-21 13:50 - 00054344 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\amm8660.sys
2015-02-08 13:20 - 2010-05-06 17:11 - 00163848 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PavProc.sys
2015-02-08 13:20 - 2010-03-24 12:55 - 00055552 _____ (On-Access Anti-Malware Scanner Sync) C:\Windows\system32\avldr.dll
2015-02-08 13:20 - 2007-03-15 19:38 - 00054832 _____ (Panda Software) C:\Windows\system32\pavcpl.cpl
2015-02-08 13:20 - 2007-02-08 10:53 - 00107568 _____ (Panda Software) C:\Windows\system32\SYSTOOLS.DLL
2015-02-08 13:20 - 2003-10-22 18:23 - 00446464 _____ (eHelp Corporation.) C:\Windows\system32\HHActiveX.dll
2015-02-05 12:17 - 2015-02-18 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Supersoft PROPHET7
2015-02-05 12:17 - 2015-02-05 12:17 - 00000959 _____ () C:\Users\Public\Desktop\PROPHET 7.lnk
2015-02-05 12:17 - 2000-05-22 00:00 - 01066176 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX
2015-02-05 12:17 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\system32\RICHTX32.OCX
2015-02-05 12:17 - 2000-02-17 22:26 - 00073184 _____ () C:\Windows\system32\DAO2535.TLB
2015-02-05 12:17 - 1999-01-22 06:04 - 00305424 _____ (Microsoft Corporation) C:\Windows\system32\MSADCE.DLL
2015-02-05 12:17 - 1999-01-22 06:04 - 00122640 _____ (Microsoft Corporation) C:\Windows\system32\MSDAPS.DLL
2015-02-05 12:17 - 1999-01-22 06:04 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\MSADCER.DLL
2015-02-05 12:17 - 1999-01-18 00:00 - 00048528 _____ () C:\Windows\system32\MSADO20.TLB
2015-02-05 12:17 - 1998-06-18 00:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Vb6stkit.dll
2015-02-05 12:17 - 1998-04-27 00:00 - 00570128 _____ (Microsoft Corporation) C:\Windows\system32\DAO350.DLL
2015-02-05 12:17 - 1997-01-16 00:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Vb5stkit.dll
2015-01-31 17:47 - 2015-02-20 15:40 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 17:47 - 2015-01-31 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 17:47 - 2015-01-31 17:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-31 17:47 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 17:47 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 17:47 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 17:14 - 2015-02-18 17:05 - 00000000 ____D () C:\Program Files\Panda Security
2015-01-31 17:14 - 2015-02-08 13:20 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Panda Security
2015-01-31 14:36 - 2015-01-31 14:36 - 00613057 _____ (CMI Limited) C:\Users\admin\AppData\Local\nse6969.tmp
2015-01-31 14:21 - 2015-01-31 14:21 - 00000000 ____D () C:\ProgramData\AMMYY
2015-01-31 14:11 - 2015-01-31 14:12 - 00000000 ____D () C:\6dc309ea-9ada-4bcc-9274-12998b3c9a8f
2015-01-28 11:50 - 2015-01-28 11:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 21:42 - 2015-01-25 21:42 - 00002086 _____ () C:\Users\admin\AppData\Roaming\OJL
2015-01-25 21:42 - 2015-01-25 21:42 - 00001248 _____ () C:\Users\admin\AppData\Roaming\IBYEADEV
2015-01-24 15:41 - 2015-02-20 10:33 - 00012374 _____ () C:\Windows\setupact.log
2015-01-24 15:41 - 2015-02-15 17:08 - 00138934 _____ () C:\Windows\PFRO.log
2015-01-24 15:41 - 2015-01-24 15:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 12:12 - 2015-01-23 12:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\addpcs

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 16:10 - 2014-10-11 13:03 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 15:57 - 2014-11-01 12:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-20 15:42 - 2014-10-11 13:06 - 00852270 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 15:40 - 2014-12-30 20:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2015-02-20 12:33 - 2009-07-14 10:04 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 12:33 - 2009-07-14 10:04 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 11:33 - 2014-10-11 13:03 - 01104333 _____ () C:\Windows\WindowsUpdate.log
2015-02-20 10:33 - 2014-11-01 20:53 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-20 10:33 - 2014-10-11 13:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 10:33 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 15:44 - 2014-10-11 12:10 - 00008627 _____ () C:\Windows\system32\PAV_FOG.OPC
2015-02-19 14:07 - 2009-07-14 08:07 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-19 13:49 - 2014-11-05 11:13 - 00000000 ____D () C:\Users\admin\Documents\Scan
2015-02-18 17:05 - 2014-11-06 12:55 - 00000000 ___RD () C:\Program Files\Skype
2015-02-18 17:05 - 2014-11-04 12:37 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-18 17:02 - 2014-10-28 16:44 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc
2015-02-18 17:02 - 2014-10-09 23:11 - 00000000 ____D () C:\Users\admin
2015-02-18 17:02 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\registration
2015-02-18 17:02 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\AppCompat
2015-02-18 11:03 - 2014-11-21 19:56 - 00086016 ___SH () C:\Users\Public\Thumbs.db
2015-02-17 19:41 - 2014-12-04 14:55 - 00000000 ____D () C:\Program Files\PROPHET7
2015-02-17 19:39 - 2014-12-04 15:04 - 00000546 _____ () C:\Windows\PROPHET6.INI
2015-02-12 15:50 - 2014-12-07 19:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Apowersoft
2015-02-11 09:43 - 2014-11-05 10:43 - 00000000 ____D () C:\Panda Software
2015-02-08 13:40 - 2015-01-13 18:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\lpgggfis
2015-02-08 13:20 - 2014-10-11 11:41 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-07 20:24 - 2014-12-28 17:15 - 00000000 ____D () C:\Users\Public\Games
2015-02-07 10:05 - 2009-07-14 10:22 - 00000000 ____D () C:\Windows\Performance
2015-02-06 12:13 - 2014-10-11 12:11 - 00128992 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 20:54 - 2009-07-14 10:03 - 00409312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-05 18:57 - 2014-11-01 12:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 18:57 - 2014-11-01 12:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 18:22 - 2009-07-14 08:07 - 00000000 ___RD () C:\Users\Public
2015-02-05 12:17 - 2014-12-04 14:55 - 00000225 _____ () C:\Windows\ODBCINST.INI
2015-02-03 20:41 - 2014-11-07 19:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2015-01-31 17:13 - 2014-11-03 13:40 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-31 16:34 - 2014-12-22 18:14 - 00000000 ____D () C:\Users\admin\Documents\Chenga Reddy
2015-01-31 14:19 - 2014-12-22 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-01-31 14:19 - 2014-12-22 16:07 - 00000000 ____D () C:\ProgramData\Autodesk
2015-01-31 14:16 - 2014-11-08 12:07 - 00000000 ____D () C:\wamp
2015-01-29 10:25 - 2014-11-01 20:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 15:41 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Branding
2015-01-23 12:12 - 2014-11-04 17:05 - 00000000 ____D () C:\Temp
2015-01-23 11:43 - 2014-11-24 20:07 - 00000000 ____D () C:\Users\admin\Desktop\Delete

==================== Files in the root of some directories =======

2015-01-25 21:42 - 2015-01-25 21:42 - 0001248 _____ () C:\Users\admin\AppData\Roaming\IBYEADEV
2015-01-25 21:42 - 2015-01-25 21:42 - 0002086 _____ () C:\Users\admin\AppData\Roaming\OJL
2015-01-06 12:58 - 2015-01-06 13:00 - 0000138 _____ () C:\Users\admin\AppData\Roaming\settings.xml
2014-12-27 11:08 - 2014-12-27 11:08 - 0000000 ____H () C:\Users\admin\AppData\Local\BITB200.tmp
2015-01-31 14:36 - 2015-01-31 14:36 - 0613057 _____ (CMI Limited) C:\Users\admin\AppData\Local\nse6969.tmp
2014-12-27 11:03 - 2014-12-27 11:03 - 0000000 _____ () C:\Users\admin\AppData\Local\{85D4A540-4878-4488-8839-B1205E6C8E12}
2014-10-11 13:06 - 2014-10-11 13:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-22 16:25 - 2014-12-22 16:25 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Files to move or delete:
====================
C:\Users\Public\AdbeRdr708_en_US.exe
C:\Users\Public\avg_free_stb_all_2015_5557_cnet.exe
C:\Users\Public\IE11-Windows6.1-x86-en-us.exe
C:\Users\Public\mbam-setup-2.0.3.1025.exe
C:\Users\Public\mycafecup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-16 15:18

==================== End Of Log ============================


#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, the first thing you must do is uninstall Chrome; you can reinstall it once we have finished.

Once Chrome is uninstalled:

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quote box below into it:
 

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56269;https=127.0.0.1:56269
SearchScopes: HKU\S-1-5-21-2014716590-1605404776-2240317387-1000 -> {022DAB70-8BF0-4260-A0F6-497C9ACD2727} URL = https://in.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2014716590-1605404776-2240317387-1000 -> {9FAA0885-368E-496D-ADE2-A031DFC6A572} URL = https://in.search.ya...p={SearchTerms}
Toolbar: HKU\S-1-5-21-2014716590-1605404776-2240317387-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Keyword.URL: https://in.search.ya...IN0D20141112&p=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-31]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (fdpohaocaechififmbbbbbknoalclacl) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-02-03]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2015-02-17]
CHR Extension: (New Tab Aid) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncebfkpboiagfoihpgjknfkkkpaphjk [2014-12-14]
CHR Extension: (Skype Click to Call) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-07]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx [2014-11-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
2015-02-18 14:03 - 2015-02-18 14:03 - 00000000 ____D () C:\Program Files\Security Stronghold
2015-02-08 13:40 - 2015-01-13 18:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\lpgggfis
2015-01-25 21:42 - 2015-01-25 21:42 - 0001248 _____ () C:\Users\admin\AppData\Roaming\IBYEADEV
2015-01-25 21:42 - 2015-01-25 21:42 - 0002086 _____ () C:\Users\admin\AppData\Roaming\OJL
2014-12-27 11:08 - 2014-12-27 11:08 - 0000000 ____H () C:\Users\admin\AppData\Local\BITB200.tmp
Winlogon\Notify\avldr: C:\Windows\SYSTEM32\avldr.dll (On-Access Anti-Malware Scanner Sync)
C:\Program Files\Google\Chrome
C:\Users\admin\AppData\Local\Google\Chrome
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix.
On completion a log will be generated; please post it.
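An added triage example (not part of the thread, and not FRST's or the helper's own code): a small Python script that parses the FRST file-list lines and the ProxyServer line quoted in this thread and flags the same kinds of indicators the fixlist in post #4 removes. The line format (created - modified - size attributes (company) path, with "D" in the attribute column marking a folder) is taken from the log above; the heuristics are this example's own: a company-less file with no extension or a .tmp one dropped directly into AppData\Roaming or AppData\Local, and a browser proxy pointing at the loopback address, which means every browser request was being routed through a local listener. The sample lines are copied from the log; a flagged entry is a candidate for review, not a verdict.

```python
"""Triage helper for FRST log lines (added example; heuristics are this example's own)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple

# "created - modified - size attrs (company) path", as FRST prints it in the
# "One Month Created/Modified Files and Folders" sections quoted in this thread.
FRST_FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# "ProxyServer: [hive] => http=host:port;https=host:port"
PROXY_LINE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.+)$")
# A file sitting directly in <user>\AppData\Roaming or \AppData\Local (no subfolder).
APPDATA_ROOT = re.compile(r"\\AppData\\(Roaming|Local)\\([^\\]+)$", re.IGNORECASE)


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str      # FRST attribute column: "____D" directory, "____H" hidden, ...
    company: str    # version-resource company name; empty for most dropped files
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_file_line(line: str) -> Optional[FrstEntry]:
    """Parse one FRST file/folder line; None for any other kind of line."""
    m = FRST_FILE_LINE.match(line.strip())
    if m is None:
        return None
    return FrstEntry(m["created"], m["modified"], int(m["size"]),
                     m["attrs"], m["company"], m["path"])


def is_suspicious_appdata_drop(e: FrstEntry) -> bool:
    """Heuristic (this example's own): a file, not a folder, with no company string,
    placed directly in AppData\\Roaming or AppData\\Local, with no extension or a
    .tmp one. On the log in this thread that picks out OJL, IBYEADEV and BITB200.tmp."""
    if e.is_dir or e.company:
        return False
    m = APPDATA_ROOT.search(e.path)
    if m is None:
        return False
    name = m.group(2)
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    return ext in ("", "tmp")


def parse_proxy_line(line: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """Map scheme -> (host, port) from an FRST ProxyServer line; {} if it is not one."""
    m = PROXY_LINE.match(line.strip())
    if m is None:
        return {}
    proxies: Dict[str, Tuple[str, Optional[int]]] = {}
    for part in m["value"].split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, eq, hostport = part.partition("=")
        if not eq:                       # bare "host:port" applies to every scheme
            scheme, hostport = "*", scheme
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        proxies[scheme] = (host, int(port) if port.isdigit() else None)
    return proxies


def proxy_is_loopback(proxies: Dict[str, Tuple[str, Optional[int]]]) -> bool:
    """True if any configured proxy host is 127.0.0.0/8, ::1 or 'localhost'."""
    for host, _port in proxies.values():
        if host.lower() == "localhost":
            return True
        try:
            if ip_address(host).is_loopback:
                return True
        except ValueError:               # a hostname rather than an IP literal
            pass
    return False


def triage(lines: List[str]) -> dict:
    """Run both checks over raw log lines and return what a reviewer should look at."""
    flagged: List[str] = []
    proxies: Dict[str, Tuple[str, Optional[int]]] = {}
    for line in lines:
        entry = parse_file_line(line)
        if entry is not None:
            if is_suspicious_appdata_drop(entry):
                flagged.append(entry.path)
            continue
        proxies.update(parse_proxy_line(line))
    return {"flagged": flagged, "proxies": proxies,
            "loopback_proxy": proxy_is_loopback(proxies)}


# Constructed sample: lines copied from the FRST log and fixlist in this thread.
SAMPLE_LINES = [
    r"2015-02-05 12:17 - 2015-02-05 12:17 - 00000959 _____ () C:\Users\Public\Desktop\PROPHET 7.lnk",
    r"2015-01-31 14:36 - 2015-01-31 14:36 - 00613057 _____ (CMI Limited) C:\Users\admin\AppData\Local\nse6969.tmp",
    r"2015-01-25 21:42 - 2015-01-25 21:42 - 00002086 _____ () C:\Users\admin\AppData\Roaming\OJL",
    r"2015-01-25 21:42 - 2015-01-25 21:42 - 00001248 _____ () C:\Users\admin\AppData\Roaming\IBYEADEV",
    r"2015-01-23 12:12 - 2015-01-23 12:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\addpcs",
    r"2014-12-27 11:08 - 2014-12-27 11:08 - 0000000 ____H () C:\Users\admin\AppData\Local\BITB200.tmp",
    r"2015-01-06 12:58 - 2015-01-06 13:00 - 0000138 _____ () C:\Users\admin\AppData\Roaming\settings.xml",
    "ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.",
    "ProxyServer: [.DEFAULT] => http=127.0.0.1:56269;https=127.0.0.1:56269",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for path in result["flagged"]:
        print("review:", path)
    if result["loopback_proxy"]:
        print("browser proxy points at loopback:", result["proxies"])
```

Folders such as addpcs and lpgggfis are deliberately left to the human: a random-looking folder name in AppData\Roaming is also common for legitimate software, so the script only flags the loose files, and the proxy check is independent of the file checks so it still fires on a log that contains no file section at all.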

#5 Srikanth S (Topic Starter, New Member, 3 posts)

Hi,

Thank you for sending the detailed procedure.

I uninstalled the Chrome browser and executed FRST.exe. It got executed twice: the first time, during the fixing process, a runtime error was displayed, and hence I executed it a second time.

The log is in the attachment.

Waiting for your reply and course of action.

Thank you
Srikanth S


#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you now re-install Chrome and let me know what problems are evident?

#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.