[rajinikanths]

PLEASE HELP.

I've a problem similar to the post http://www.geekstogo...-run-antivirus/

 

After leaving my PC (desktop) ON for several days, i happen to find that chrome started to crash. As soon as I open it, it will crash. Then when I first try to open AVG 2014, it didn't. I was for some reason able to run Windows Malware Removal Tool from USB drive and it detected 2 infections and cleaned. I tried to restart my PC and open chrome, it still gives the same crashing problem. Again I ran the Windows Malware Removal Tool but this time there was no infections at all. Except that, none of the anti-malware like malwarebytes, tsskiller, etc was able to install or run. When I double-click those EXEs,nothing happens.

 

FRST Scan ran from Repair Your Computer mode -> Command Prompt is attached.

 

Please help fix this issue.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015

Ran by SYSTEM on MININT-O8HV9CU (10-11-2015 02:44:34)

Running from G:\

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 9

Boot Mode: Recovery

Default: ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

 

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-07-25] (CyberLink)

HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [374560 2012-07-25] (CyberLink Corp.)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)

HKU\Deploy\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB

HKU\Deploy\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP

HKU\Rajinikanth\...\Run: [Google Update] => C:\Users\Rajinikanth\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)

HKU\Rajinikanth\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)

HKU\Rajinikanth\...\Run: [uTorrent] => C:\Users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-13] (BitTorrent Inc.)

HKU\Rajinikanth\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Rajinikanth\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid e9ece8404a8f47d1a8d3d15a0f75730d-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913a

HKU\Rajinikanth\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)

HKU\Rajinikanth\...\Run: [{CFFFBDCC-1501-472A-A4AB-EAB831FF0BF6}] => regsvr32.exe "C:\Users\Rajinikanth\AppData\Roaming\IebaFqej\YuwuWsiw.dll"

HKU\Rajinikanth\...\Run: [BackUp2228303646] => C:\Users\Rajinikanth\AppData\Roaming\BackUp2228303646.exe [581632 2009-07-13] ()

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)

S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)

S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-25] (CyberLink)

S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-25] (CyberLink)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)

S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)

S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)

S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)

S2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [374112 2011-03-14] (Ralink Technology, Corp.)

S2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [451936 2011-03-14] (Ralink Technology, Corp.)

S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()

S3 TpMediaServer; C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe [619872 2011-03-14] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)

S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)

S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)

S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)

S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)

S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)

S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-12-28] (Broadcom Corporation.)

S1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)

S1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)

S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-20] (Disc Soft Ltd)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S1 MpKslb6c95284; C:\Windows\system32\MpEngineStore\MpKslb6c95284.sys [44928 2015-11-09] (Microsoft Corporation)

S1 MpKslcf41a2e4; C:\Windows\system32\MpEngineStore\MpKslcf41a2e4.sys [44928 2015-11-09] (Microsoft Corporation)

S3 MPMFL; C:\Windows\System32\DRIVERS\MPMFL.sys [23272 2012-12-17] (Windows ® Server 2003 DDK provider)

S2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)

S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)

S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-26] (Microsoft Corporation)

S3 ZG760_64; C:\Windows\System32\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)

S3 ZG760_64; C:\Windows\SysWOW64\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)

S2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)

S3 ALSysIO; \??\C:\Users\RAJINI~1\AppData\Local\Temp\ALSysIO64.sys [X]

S3 BS2228303646; \??\C:\Users\RAJINI~1\AppData\Local\Temp\NTFS.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-09 17:03 - 2015-11-09 21:16 - 00000000 ____D C:\Windows\System32\MpEngineStore

2015-11-09 05:49 - 2015-11-09 05:49 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000

2015-11-09 05:49 - 2015-11-09 05:49 - 00003258 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873260180-584723267-4080468776-1000

2015-11-08 21:24 - 2015-11-08 21:24 - 00000036 _____ C:\Users\Rajinikanth\AppData\Local\housecall.guid.cache

2015-11-08 21:14 - 2015-11-08 21:14 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\QuickScan

2015-11-08 15:53 - 2015-11-08 15:54 - 00037596 _____ C:\Users\Rajinikanth\Desktop\Addition.txt

2015-11-08 15:51 - 2015-11-10 02:44 - 00000000 ____D C:\FRST

2015-11-08 15:51 - 2015-11-08 15:54 - 00024936 _____ C:\Users\Rajinikanth\Desktop\FRST.txt

2015-11-08 15:36 - 2015-11-08 15:44 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\tor

2015-11-08 14:42 - 2015-11-08 14:42 - 00007626 _____ C:\Users\Rajinikanth\AppData\Local\Resmon.ResmonCfg

2015-11-08 14:36 - 2015-11-08 14:36 - 00000137 _____ C:\Users\Rajinikanth\Desktop\debug.log

2015-11-08 12:37 - 2015-11-09 09:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-11-08 12:37 - 2015-11-09 09:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-11-08 12:37 - 2015-11-08 13:24 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Mozilla

2015-11-08 12:37 - 2015-11-08 12:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Mozilla

2015-11-08 00:23 - 2015-11-09 05:48 - 00000000 ____D C:\Users\Rajinikanth\AppData\LocalLow\uTorrent

2015-10-23 18:26 - 2015-11-09 08:12 - 03471692 _____ C:\Windows\System32\CFG2228303646

2015-10-23 18:14 - 2015-10-23 18:14 - 00329496 _____ C:\Windows\Minidump\102315-55536-01.dmp

2015-10-23 18:12 - 2015-11-09 09:08 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\IebaFqej

2015-10-23 18:11 - 2015-10-23 18:12 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

2015-10-13 18:32 - 2015-10-13 18:32 - 00020679 _____ C:\Users\Rajinikanth\Downloads\32415815A0B4621400688F0BF2966D7FD3435D93.torrent

2015-10-13 18:31 - 2015-10-13 18:31 - 00019703 _____ C:\Users\Rajinikanth\Downloads\D6525C8CB07CBC6CE001A97541DAD408D4F1FFF0.torrent

2015-10-13 18:30 - 2015-10-13 18:30 - 00019715 _____ C:\Users\Rajinikanth\Downloads\81BA198ED92739B4BCEE99C90FF5EFA0B71069D4.torrent

2015-10-13 18:28 - 2015-10-13 18:28 - 00017607 _____ C:\Users\Rajinikanth\Downloads\D5A14DD9675E85750E60051FC86F0AB402E9443F.torrent

2015-10-13 18:24 - 2015-10-13 18:24 - 00013303 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Unnale Unnale 2006 Tamil 720p DVDRip x264 1.2GB ESubs.torrent

2015-10-13 18:23 - 2015-10-13 18:23 - 00012075 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - VSOP (2015)1080p v2 HD - AVC - MP4 - 5.1 - 4.4GB - Tamil.mp4.torrent

2015-10-13 18:21 - 2015-10-13 18:21 - 00016196 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Baahubali (2015)1080p DVDRip - Tamil AAC 5.1 (Original) - 3GB ESubs.torrent

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-09 23:58 - 2012-01-31 23:41 - 01066723 _____ C:\Windows\WindowsUpdate.log

2015-11-09 23:57 - 2012-09-08 18:28 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\uTorrent

2015-11-09 23:57 - 2009-07-13 20:51 - 00111608 _____ C:\Windows\setupact.log

2015-11-09 23:51 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI

2015-11-09 23:00 - 2012-02-10 20:09 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1873260180-584723267-4080468776-1000UA.job

2015-11-09 19:46 - 2015-06-21 22:51 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Raptr

2015-11-09 18:00 - 2012-02-10 20:09 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1873260180-584723267-4080468776-1000Core.job

2015-11-09 16:58 - 2015-06-19 22:12 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\CrashDumps

2015-11-09 09:08 - 2015-07-18 20:43 - 00000000 ____D C:\Program Files (x86)\Google

2015-11-09 09:08 - 2014-07-23 15:07 - 00000000 ____D C:\Program Files (x86)\Acrok

2015-11-09 09:08 - 2012-08-24 13:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\vlc

2015-11-09 09:08 - 2012-08-01 10:42 - 00000000 ____D C:\users\Deploy

2015-11-09 09:08 - 2012-02-10 20:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Google

2015-11-09 09:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2015-11-09 09:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2015-11-09 09:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2015-11-09 09:07 - 2014-01-20 23:24 - 00000000 ____D C:\ProgramData\RealNetworks

2015-11-09 05:56 - 2009-07-13 20:45 - 00026000 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-11-09 05:56 - 2009-07-13 20:45 - 00026000 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-11-09 05:44 - 2013-06-07 14:59 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2015-11-09 05:44 - 2013-06-03 02:33 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2015-11-09 05:44 - 2012-01-31 23:40 - 00000000 ____D C:\users\Rajinikanth

2015-11-09 05:43 - 2012-02-01 00:10 - 00000000 ____D C:\ProgramData\NVIDIA

2015-11-09 05:43 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-11-08 17:23 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2015-11-08 12:32 - 2012-02-10 20:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Deployment

2015-10-23 18:14 - 2012-02-15 22:10 - 00000000 ____D C:\Windows\Minidump

2015-10-23 18:10 - 2012-02-10 21:53 - 00000000 ____D C:\ProgramData\MFAData

2015-10-21 12:37 - 2015-06-23 06:54 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

 

Files to move or delete:

====================

C:\ProgramData\uninstaller.exe

 

 

==================== Known DLLs (Whitelisted) =========================

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\dnsapi.dll => MD5 is legit

C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE Association (Whitelisted) =============

 

 

==================== Restore Points =========================

 

Restore point date: 2015-10-24 10:04

Restore point date: 2015-11-03 23:00

Restore point date: 2015-11-09 22:48

 

==================== Memory info =========================== 

 

Percentage of memory in use: 9%

Total physical RAM: 8191.37 MB

Available physical RAM: 7394.27 MB

Total Virtual: 8189.57 MB

Available Virtual: 7381.75 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:984.01 GB) (Free:13.48 GB) NTFS

Drive e: () (Fixed) (Total:878.91 GB) (Free:289.32 GB) NTFS

Drive g: (USB20FD) (Removable) (Total:14.92 GB) (Free:14.84 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B65E26BF)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=984 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=878.9 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 14.9 GB) (Disk ID: 04030201)

Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

 

 

LastRegBack: 2015-11-03 22:53

 

==================== End of FRST.txt ============================

Attached Files

•  FRST.txt   17.32KB   619 downloads

[Advertisements]

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix

A fix log will be generated please post that.  

 

(If it boots run FRST from Windows )  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

[RKinner]

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix

A fix log will be generated please post that.  

 

(If it boots run FRST from Windows )  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

[rajinikanths]

Thanks a ton. I'll follow these steps and share the log files.

[rajinikanths]

From the 'Repair Computer's Command Prompt' - I ran the fix. The fix log is: Fixlog_11102015_1.txt

Next I rebooted the machine.

From Windows, I reran the FRST from USB Drive selecting 'Additions' options and the files are attached.

 with tags

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015

Ran by Rajinikanth (administrator) on SARVESH-DSK (10-11-2015 17:55:21)

Running from G:\

Loaded Profiles: Rajinikanth (Available Profiles: Rajinikanth & Deploy)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

(BitTorrent Inc.) C:\Users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe

(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(TP-LINK Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe

() C:\Windows\VID_0e8f&PID_0003\Watchps3.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe

(BitTorrent Inc.) C:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe

(BitTorrent Inc.) C:\Users\Rajinikanth\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe

(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

() C:\ProgramData\igfxext_64.dll

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [igfxEM_64] => C:\ProgramData\igfxEM_64.exe [4096 2015-11-10] ()

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-07-25] (CyberLink)

HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [374560 2012-07-25] (CyberLink Corp.)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)

HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [Google Update] => C:\Users\Rajinikanth\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)

HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)

HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [uTorrent] => C:\Users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-13] (BitTorrent Inc.)

HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Rajinikanth\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid e9ece8404a8f47d1a8d3d15a0f75730d-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913a

HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)

HKU\S-1-5-21-1873260180-584723267-4080468776-1000\...\MountPoints2: {e9594a04-17cf-11e5-9834-98588a039dc4} - F:\setup.exe

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-28]

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk [2012-07-05]

ShortcutTarget: TP-LINK Wireless Client Utility.lnk -> C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe (TP-LINK Technology, Corp.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Watchps3.exe.lnk [2015-08-11]

ShortcutTarget: Watchps3.exe.lnk -> C:\Windows\VID_0e8f&PID_0003\Watchps3.exe ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{0B29B12F-5142-4420-935D-3E17F0E6FDDB}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{492BB5EE-2F43-4084-A03B-2BF7904C8544}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{69C927DF-D948-467A-8720-6ED730F92778}: [DhcpNameServer] 192.168.1.254

 

Internet Explorer:

==================

HKU\S-1-5-21-1873260180-584723267-4080468776-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKU\S-1-5-21-1873260180-584723267-4080468776-1000 -> {78CC8F23-5F76-4711-9F10-B19F78179064} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}

BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-08-09] (RealDownloader)

BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll => No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-22] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-22] (Oracle Corporation)

Toolbar: HKLM - s1 Search.us.com Toolbar - {8211CED8-A242-48B3-A191-234BEBB7F509} - C:\Users\Rajinikanth\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File

Toolbar: HKU\S-1-5-21-1873260180-584723267-4080468776-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Toolbar: HKU\S-1-5-21-1873260180-584723267-4080468776-1000 -> s1 Search.us.com Toolbar - {8211CED8-A242-48B3-A191-234BEBB7F509} - C:\Users\Rajinikanth\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

 

FireFox:

========

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-22] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-22] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-08-09] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-08-09] (RealNetworks, Inc.)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-08-09] (RealDownloader)

FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1873260180-584723267-4080468776-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rajinikanth\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-1873260180-584723267-4080468776-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rajinikanth\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-11-09] [not signed]

 

Chrome: 

=======

CHR Profile: C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]

CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]

CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]

CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-11-09]

CHR Extension: (No Name) - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-08-09]

StartMenuInternet: Google Chrome - C:\Users\Rajinikanth\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)

S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)

R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-25] (CyberLink Corp.)

R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-07-25] (CyberLink)

R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-07-25] (CyberLink)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)

R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)

R2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [374112 2011-03-14] (Ralink Technology, Corp.)

R2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [451936 2011-03-14] (Ralink Technology, Corp.)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] ()

S3 TpMediaServer; C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe [619872 2011-03-14] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-12-28] (Broadcom Corporation.)

R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)

R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-06-17] (BIOSTAR Group)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-20] (Disc Soft Ltd)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R1 MpKslb6c95284; C:\Windows\system32\MpEngineStore\MpKslb6c95284.sys [44928 2015-11-09] (Microsoft Corporation)

R1 MpKslcf41a2e4; C:\Windows\system32\MpEngineStore\MpKslcf41a2e4.sys [44928 2015-11-09] (Microsoft Corporation)

S3 MPMFL; C:\Windows\System32\DRIVERS\MPMFL.sys [23272 2012-12-17] (Windows ® Server 2003 DDK provider)

R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)

S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)

S3 ZG760_64; C:\Windows\System32\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)

S3 ZG760_64; C:\Windows\SysWOW64\DRIVERS\WlanGZ64.SYS [493696 2006-08-17] (ZyDAS Technology Corporation)

R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-08-10] (CyberLink Corp.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-10 17:44 - 2015-11-10 17:44 - 00004096 _____ C:\ProgramData\igfxEM_64.exe

2015-11-10 17:43 - 2015-11-10 17:43 - 00004096 _____ C:\ProgramData\igfxext_64.dll

2015-11-09 19:03 - 2015-11-09 23:16 - 00000000 ____D C:\Windows\system32\MpEngineStore

2015-11-09 07:49 - 2015-11-10 17:40 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1873260180-584723267-4080468776-1000

2015-11-09 07:49 - 2015-11-10 17:40 - 00003258 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1873260180-584723267-4080468776-1000

2015-11-08 23:24 - 2015-11-08 23:24 - 00000036 _____ C:\Users\Rajinikanth\AppData\Local\housecall.guid.cache

2015-11-08 23:14 - 2015-11-08 23:14 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\QuickScan

2015-11-08 17:53 - 2015-11-08 17:54 - 00037596 _____ C:\Users\Rajinikanth\Desktop\Addition.txt

2015-11-08 17:51 - 2015-11-10 17:55 - 00000000 ____D C:\FRST

2015-11-08 17:51 - 2015-11-08 17:54 - 00024936 _____ C:\Users\Rajinikanth\Desktop\FRST.txt

2015-11-08 17:36 - 2015-11-08 17:44 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\tor

2015-11-08 16:42 - 2015-11-08 16:42 - 00007626 _____ C:\Users\Rajinikanth\AppData\Local\Resmon.ResmonCfg

2015-11-08 16:36 - 2015-11-08 16:36 - 00000137 _____ C:\Users\Rajinikanth\Desktop\debug.log

2015-11-08 14:37 - 2015-11-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-11-08 14:37 - 2015-11-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-11-08 14:37 - 2015-11-08 15:24 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Mozilla

2015-11-08 14:37 - 2015-11-08 14:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Mozilla

2015-11-08 02:23 - 2015-11-10 17:42 - 00000000 ____D C:\Users\Rajinikanth\AppData\LocalLow\uTorrent

2015-10-23 20:26 - 2015-11-09 10:12 - 03471692 _____ C:\Windows\system32\CFG2228303646

2015-10-23 20:14 - 2015-10-23 20:14 - 00329496 _____ C:\Windows\Minidump\102315-55536-01.dmp

2015-10-23 20:11 - 2015-10-23 20:12 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

2015-10-13 20:32 - 2015-10-13 20:32 - 00020679 _____ C:\Users\Rajinikanth\Downloads\32415815A0B4621400688F0BF2966D7FD3435D93.torrent

2015-10-13 20:31 - 2015-10-13 20:31 - 00019703 _____ C:\Users\Rajinikanth\Downloads\D6525C8CB07CBC6CE001A97541DAD408D4F1FFF0.torrent

2015-10-13 20:30 - 2015-10-13 20:30 - 00019715 _____ C:\Users\Rajinikanth\Downloads\81BA198ED92739B4BCEE99C90FF5EFA0B71069D4.torrent

2015-10-13 20:28 - 2015-10-13 20:28 - 00017607 _____ C:\Users\Rajinikanth\Downloads\D5A14DD9675E85750E60051FC86F0AB402E9443F.torrent

2015-10-13 20:24 - 2015-10-13 20:24 - 00013303 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Unnale Unnale 2006 Tamil 720p DVDRip x264 1.2GB ESubs.torrent

2015-10-13 20:23 - 2015-10-13 20:23 - 00012075 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - VSOP (2015)1080p v2 HD - AVC - MP4 - 5.1 - 4.4GB - Tamil.mp4.torrent

2015-10-13 20:21 - 2015-10-13 20:21 - 00016196 _____ C:\Users\Rajinikanth\Downloads\www.TamilRockers.com - Baahubali (2015)1080p DVDRip - Tamil AAC 5.1 (Original) - 3GB ESubs.torrent

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-10 17:55 - 2012-09-08 20:28 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\uTorrent

2015-11-10 17:52 - 2009-07-13 22:45 - 00026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-11-10 17:52 - 2009-07-13 22:45 - 00026000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-11-10 17:51 - 2012-02-01 01:41 - 01088688 _____ C:\Windows\WindowsUpdate.log

2015-11-10 17:47 - 2009-07-13 23:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI

2015-11-10 17:43 - 2015-06-22 00:51 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Raptr

2015-11-10 17:40 - 2013-06-07 16:59 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2015-11-10 17:40 - 2013-06-03 04:33 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2015-11-10 17:40 - 2012-02-01 02:10 - 00000000 ____D C:\ProgramData\NVIDIA

2015-11-10 17:40 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-11-10 17:40 - 2009-07-13 22:51 - 00111776 _____ C:\Windows\setupact.log

2015-11-10 01:00 - 2012-02-10 22:09 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1873260180-584723267-4080468776-1000UA.job

2015-11-09 20:00 - 2012-02-10 22:09 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1873260180-584723267-4080468776-1000Core.job

2015-11-09 18:58 - 2015-06-20 00:12 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\CrashDumps

2015-11-09 11:08 - 2015-07-18 22:43 - 00000000 ____D C:\Program Files (x86)\Google

2015-11-09 11:08 - 2014-07-23 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrok

2015-11-09 11:08 - 2014-07-23 17:07 - 00000000 ____D C:\Program Files (x86)\Acrok

2015-11-09 11:08 - 2012-08-24 15:37 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\vlc

2015-11-09 11:08 - 2012-08-01 12:42 - 00000000 ____D C:\Users\Deploy

2015-11-09 11:08 - 2012-02-10 22:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-11-09 11:08 - 2012-02-10 22:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Google

2015-11-09 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF

2015-11-09 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration

2015-11-09 11:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat

2015-11-09 11:07 - 2014-01-21 01:24 - 00000000 ____D C:\ProgramData\RealNetworks

2015-11-09 07:44 - 2012-02-01 01:40 - 00000000 ____D C:\Users\Rajinikanth

2015-11-08 19:23 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2015-11-08 14:32 - 2012-02-10 22:09 - 00000000 ____D C:\Users\Rajinikanth\AppData\Local\Deployment

2015-10-23 20:14 - 2012-02-16 00:10 - 00000000 ____D C:\Windows\Minidump

2015-10-23 20:10 - 2012-02-10 23:53 - 00000000 ____D C:\ProgramData\MFAData

2015-10-21 14:37 - 2015-06-23 08:54 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

 

==================== Files in the root of some directories =======

 

2009-07-13 17:19 - 2009-07-13 19:14 - 0581632 _____ () C:\Users\Rajinikanth\AppData\Roaming\BackUp2228303646.exe

2012-08-01 23:29 - 2012-09-29 14:45 - 0015872 _____ () C:\Users\Rajinikanth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-11-08 23:24 - 2015-11-08 23:24 - 0000036 _____ () C:\Users\Rajinikanth\AppData\Local\housecall.guid.cache

2015-11-08 16:42 - 2015-11-08 16:42 - 0007626 _____ () C:\Users\Rajinikanth\AppData\Local\Resmon.ResmonCfg

2015-11-10 17:44 - 2015-11-10 17:44 - 0004096 _____ () C:\ProgramData\igfxEM_64.exe

2015-11-10 17:43 - 2015-11-10 17:43 - 0004096 _____ () C:\ProgramData\igfxext_64.dll

2012-08-07 12:49 - 2012-08-07 12:49 - 4608000 _____ () C:\ProgramData\ReadOnlyInstaller.msi

2012-08-24 15:22 - 2012-08-24 15:22 - 0033958 _____ () C:\ProgramData\uninstaller.exe

 

Files to move or delete:

====================

C:\ProgramData\igfxEM_64.exe

C:\ProgramData\igfxext_64.dll

C:\ProgramData\uninstaller.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-11-04 00:53

 

==================== End of FRST.txt ============================

Attached Files

•  Fixlog_11102015_1.txt   1.46KB   611 downloads
•  FRST_RanWithAdditionChecked_11102015_1.txt   26.75KB   608 downloads
•  Addition_RanWithAdditionChecked_11102015_1.txt   40.03KB   590 downloads

[RKinner]

One more fixlist just as before but run it from Windows.

 

Download aswMBR.exe  to your desktop.

Right click aswMBR.exe and Run as Administrator

uncheck trace disk IO calls

Click the "Scan" button to start scan (Accept the Avast Engine)

On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply

If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

 

After the FRST fixlist does Chrome open?  

 

IF AVG won't run I would 

 

Download and Save the free Avast installer.

http://files.avast.c...virus_setup.exe

 

 

Download and save the AVG removal tool

http://download.avg....6_2011_1184.exe

 

(Both files are immediate downloads so they should start downloading after you click on the links)

 

Uninstall AVG

 

Run the Avg Remover (right click and Run As Administrator)

 

Reboot

 

Install Avast.

 

Does it run?  IF so after it updates:

do a boot-time scan while you sleep:

First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  You may need to enable seeing hidden files in order to see the file so: Open the Control Panel menu and click Folder Options.

    After the new window appears select the View tab.

    Put a checkmark in the checkbox labeled Display the contents of system folders.

    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

    Remove the checkmark from the checkbox labeled Hide protected operating system files.

    Press the Apply button and then the OK button

 

If you can't find it then take a screen shot of the Detailed Report

 

If you can't get AVG or Avast to run try the free ESET online scan:

 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  

 

# Check Scan Archives

# Push the Start button.

# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

# When the scan completes, push LIST OF THREATS FOUND

# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

# Push the BACK button.

# Push Finish

# Once the scan is completed, you may close the window.

# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

# Copy and paste that log as a reply.

 

 

Let's also try the bitdefender quickscan.

 

http://quickscan.bitdefender.com/

 

When it finishes there is a View Report option at the bottom.  Click on it and copy and paste the report (even if it says nothing found).

 

 

[rajinikanths]

Sure, i'll try now. Thank you.

[rajinikanths]

1. I ran the FixList from Windows.

2. Downloaded aswmbr.exe from a different machine. Copied to desktop. Right-Clicked and selected Run As Administrator. Nothing happened.

3. Restarted PC. Right-Clicked and selected Run As Administrator. Nothing happened this time.

4. Tried to open Chrome. Immediately crashed. Earlier (before reporting), chrome will open and in a second or less, it will crash. 

5. Now tried to open AVG 2014. No reaction.

6. Went to Control Panel to Uninstall. Selected AVG Uninstall. No reaction.

 

Please advise next step.

Thanks.

[RKinner]

See if the AVG removal tool will work.

[rajinikanths]

Not working.

Tried from Desktop as well as USB Drive. No response when I try to run it with 'Run as administrator'.

 

Thanks.

[RKinner]

Try combofix.exe  but before you run it, rename it to george.exe then boot into Safe Mode with Networking and run george.exe by right click and Run As ADmin.

[rajinikanths]

On it. Trying now by booting in safemode. I will update you shortly. Thank you.

[rajinikanths]

It is running. Currently trying to create new system restore point. Once it is complete should I send the log file(s)? Anything else?

Please advise.

 

Thanks again.

[RKinner]

IF you get a log please post it.  Sometimes it can't show you the log but it is still there in the c:\Combofix folder.

[rajinikanths]

Sure. Meanwhile, when the scan was running, my PC just abruptly shutdown. I guess it is due to overheat. I'm going to cool it with fan and restart. Is it OK to reboot into SafeMode with Networking and rerun ComboFix? 

[RKinner]

Yes.