[rajinikanths]

ComboFix just finished. Please find the log attached.

Thank you.

 

ComboFix 15-11-09.01 - Rajinikanth 11/10/2015  23:17:53.1.3 - x64 NETWORK

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8191.6848 [GMT -6:00]

Running from: c:\users\Rajinikanth\Desktop\george.exe

AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\downloads\Setup\1BluToothDriver\Tools\Driver\_desktop.ini

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Watchps3.exe.lnk

c:\programdata\ReadOnlyInstaller.msi

c:\users\Rajinikanth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Silverlight.exe

c:\windows\inf\_desktop.ini

c:\windows\SysWOW64\_desktop.ini

c:\windows\SysWOW64\drivers\_desktop.ini

.

.

(((((((((((((((((((((((((   Files Created from 2015-10-11 to 2015-11-11  )))))))))))))))))))))))))))))))

.

.

2015-11-11 05:29 . 2015-11-11 05:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-11-11 05:29 . 2015-11-11 05:29 -------- d-----w- c:\users\Deploy\AppData\Local\temp

2015-11-11 05:01 . 2015-11-11 05:15 -------- d-----w- C:\george

2015-11-10 01:03 . 2015-11-11 00:10 -------- d-----w- c:\windows\system32\MpEngineStore

2015-11-09 05:14 . 2015-11-09 05:14 -------- d-----w- c:\users\Rajinikanth\AppData\Roaming\QuickScan

2015-11-08 23:51 . 2015-11-11 06:37 -------- d-----w- C:\FRST

2015-11-08 23:36 . 2015-11-08 23:44 -------- d-----w- c:\users\Rajinikanth\AppData\Roaming\tor

2015-11-08 20:37 . 2015-11-08 21:24 -------- d-----w- c:\users\Rajinikanth\AppData\Local\Mozilla

2015-11-08 20:37 . 2015-11-09 17:08 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2015-10-24 02:16 . 2015-10-24 02:16 -------- d-----w- c:\program files\Common Files\Microsoft

2015-10-24 02:11 . 2015-10-24 02:12 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-10-02 18:09 . 2013-03-22 05:26 143481208 ----a-w- c:\windows\system32\MRT.exe

2015-08-25 18:46 . 2015-09-08 06:16 945456 ----a-w- c:\windows\SysWow64\NvFBC.dll

2015-08-25 18:46 . 2015-09-08 06:16 944736 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2015-08-25 18:46 . 2015-09-08 06:16 2627704 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2015-08-25 18:46 . 2015-09-08 06:16 17082392 ----a-w- c:\windows\system32\nvwgf2umx.dll

2015-08-25 18:46 . 2015-09-08 06:16 14936264 ----a-w- c:\windows\system32\nvcuda.dll

2015-08-25 18:46 . 2015-09-08 06:16 11089200 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2015-08-25 18:46 . 2015-09-08 06:16 986232 ----a-w- c:\windows\SysWow64\NvIFR.dll

2015-08-25 18:46 . 2015-09-08 06:16 42840368 ----a-w- c:\windows\system32\nvcompiler.dll

2015-08-25 18:46 . 2015-09-08 06:16 37819184 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2015-08-25 18:46 . 2015-09-08 06:16 2940720 ----a-w- c:\windows\system32\nvcuvid.dll

2015-08-25 18:46 . 2015-09-08 06:16 22525560 ----a-w- c:\windows\system32\nvoglv64.dll

2015-08-25 18:46 . 2015-09-08 06:16 1898288 ----a-w- c:\windows\system32\nvdispco6435582.dll

2015-08-25 18:46 . 2015-09-08 06:16 18543736 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2015-08-25 18:46 . 2015-09-08 06:16 176904 ----a-w- c:\windows\system32\nvinitx.dll

2015-08-25 18:46 . 2015-09-08 06:16 16637336 ----a-w- c:\windows\system32\nvopencl.dll

2015-08-25 18:46 . 2015-09-08 06:16 1558648 ----a-w- c:\windows\system32\nvdispgenco6435582.dll

2015-08-25 18:46 . 2015-09-08 06:16 155792 ----a-w- c:\windows\SysWow64\nvinit.dll

2015-08-25 18:46 . 2015-09-08 06:16 15512888 ----a-w- c:\windows\system32\nvd3dumx.dll

2015-08-25 18:46 . 2015-09-08 06:16 150832 ----a-w- c:\windows\system32\nvoglshim64.dll

2015-08-25 18:46 . 2015-09-08 06:16 128512 ----a-w- c:\windows\SysWow64\nvoglshim32.dll

2015-08-25 18:46 . 2015-09-08 06:16 12185152 ----a-w- c:\windows\SysWow64\nvcuda.dll

2015-08-25 18:46 . 2015-09-08 06:16 1106672 ----a-w- c:\windows\system32\nvumdshimx.dll

2015-08-25 18:46 . 2015-09-08 06:16 1075320 ----a-w- c:\windows\system32\NvFBC64.dll

2015-08-25 18:46 . 2015-09-08 06:16 1064752 ----a-w- c:\windows\system32\NvIFR64.dll

2015-08-25 18:46 . 2015-06-20 17:27 14635792 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2015-08-25 18:46 . 2015-06-20 17:27 13661160 ----a-w- c:\windows\SysWow64\nvopencl.dll

2015-08-25 18:46 . 2014-07-25 05:29 112760 ----a-w- c:\windows\system32\OpenCL.dll

2015-08-25 18:46 . 2014-07-25 05:29 105264 ----a-w- c:\windows\SysWow64\OpenCL.dll

2015-08-25 18:46 . 2014-07-25 05:27 3527696 ----a-w- c:\windows\system32\nvapi64.dll

2015-08-25 18:46 . 2014-07-25 05:27 3112904 ----a-w- c:\windows\SysWow64\nvapi.dll

2015-08-25 18:46 . 2014-07-25 05:27 12515016 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2015-08-25 14:24 . 2014-12-27 06:36 2558584 ----a-w- c:\windows\system32\nvsvcr.dll

2015-08-25 14:24 . 2014-07-25 05:29 62584 ----a-w- c:\windows\system32\nvshext.dll

2015-08-25 14:24 . 2014-07-25 05:29 3496752 ----a-w- c:\windows\system32\nvsvc64.dll

2015-08-25 14:24 . 2014-07-25 05:29 937776 ----a-w- c:\windows\system32\nvvsvc.exe

2015-08-25 14:24 . 2014-07-25 05:29 385144 ----a-w- c:\windows\system32\nvmctray.dll

2015-08-25 14:24 . 2014-07-25 05:29 6884984 ----a-w- c:\windows\system32\nvcpl.dll

2015-08-25 14:08 . 2015-09-08 06:18 574072 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2015-08-25 12:35 . 2014-07-25 05:29 5165808 ----a-w- c:\windows\system32\nvcoproc.bin

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

"uTorrent"="c:\users\Rajinikanth\AppData\Roaming\uTorrent\uTorrent.exe" [2015-10-13 1822048]

"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-02 285072]

"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-07-25 505872]

"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-07-25 374560]

"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-10-01 56080]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2014-7-17 1396992]

TP-LINK Wireless Client Utility.lnk - c:\program files (x86)\TP-LINK\COMMON\TWCU.exe -s [2012-7-5 10918400]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

.

R1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys;c:\windows\SYSNATIVE\drivers\BIOS64.sys [x]

R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2014/07/22 20:15];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]

R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]

R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]

R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]

R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]

R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\TP-LINK\COMMON\RaRegistry64.exe;c:\program files (x86)\TP-LINK\COMMON\RaRegistry64.exe [x]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

R2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]

R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 MPMFL;Usb device Game dev Controller Amd64 Driver;c:\windows\system32\DRIVERS\MPMFL.sys;c:\windows\SYSNATIVE\DRIVERS\MPMFL.sys [x]

R3 netr7364;ZyXEL RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]

R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]

R3 TpMediaServer;TpMediaServer;c:\program files (x86)\TP-LINK\COMMON\RaMediaServer.exe;c:\program files (x86)\TP-LINK\COMMON\RaMediaServer.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 xb1usb;Microsoft Xbox One Controller Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x]

R3 ZG760_64;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\DRIVERS\WlanGZ64.SYS;c:\windows\SYSNATIVE\DRIVERS\WlanGZ64.SYS [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-06-24 2754704]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-06-24 1571696]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\Rajinikanth\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe

HKLM-Run-igfxEM_64 - c:\progra~3\igfxEM_64.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2015-11-10  23:31:18

ComboFix-quarantined-files.txt  2015-11-11 05:31

.

Pre-Run: 27,486,670,848 bytes free

Post-Run: 29,720,215,552 bytes free

.

- - End Of File - - 26870FBCEC6A8C86184891D4773E0BF6

A36C5E4F47E84449FF07ED3517B43A31

Attached Files

•  ComboFix.txt   19.2KB   591 downloads

[Advertisements]

By the way, I did not reboot my PC after ComboFix. It is still in Safe Mode with networking.

Thanks.

[rajinikanths]

By the way, I did not reboot my PC after ComboFix. It is still in Safe Mode with networking.

Thanks.

[RKinner]

Combofix doesn't look bad.  I wonder if it would run in regular mode?  Before you do that see if aswMBR will run.

 

 

 

Let's check and see if there are other problems since you said it got hot:

 

Get the free version of Speccy:

 

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  

 

Close all browsers and open progrms before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.

 

Got to go to bed now.

[rajinikanths]

Yes I understand. We will catch up tomorrow.

I'll finish the above steps (aswMBR & speccy) and share you the detailed udpates.

 

Thanks again for your support.

[rajinikanths]

aswMBR is not running in the Safe Mode with Networking (using Run as Admin).

Downloading Speccy in a different machine.

[rajinikanths]

Please find attached Speccy's Log. 

Attached Files

•  Speccy_Log_11112015.txt   38.66KB   610 downloads

[rajinikanths]

Thanks again. See you tomorrow.

[RKinner]

I've got to go to Orlando today but will be back tonight.

 

Your Speccy report is not good.  It can't get a temp reading and your hard drive has a lot of problems.:

 

Attribute name Read Error Rate

Real value 0

Current 111

Worst 99

Threshold 6

Raw Value 0001C39580

Status Good

 

....

 

Attribute name Seek Error Rate

Real value 0

Current 77

Worst 60

Threshold 30

Raw Value 000E1D9938

Status Good

 

...

 

Attribute name Command Timeout

Real value 8,590,065,955

Current 100

Worst 98

Threshold 0

Raw Value 0000020123

Status Good

 

...

 

 

 

Attribute name Hardware ECC Recovered

Real value 0

Current 37

Worst 6

Threshold 0

Raw Value 0001C39580

Status Good

 

 

 

I know it says Status Good for all values but I can't believe these values are good.  You may want to clone it before it dies. My experience with these 2 GB and larger drives has not been good.  They don't seem to last as long as the smaller drives.  

 

I'm thinking that what looked like a virus was the Daemon tools driver.  I know they do funny things.  Try uninstalling Daemon Tools then rerun FRST scan.

 

Since we are seeing errors in the hard drive:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:

2. Click Properties, and then click Tools.

3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,

4. Check both boxes and then click Start.

You will receive the following message:

The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?

Click Yes to schedule the disk check, but don't restart yet.

 

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

 

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

 

sfc /scannow

 

(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

 

Copy the next two lines:

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 

notepad \windows\logs\cbs\junk.txt 

 

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application. (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)

 

 

Let's get Speedfan:

 

http://www.filehippo...nload_speedfan/

 

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin)

 

It will tell you your temps in real time. (If you click on Configure then on Core you can check Show in Tray then OK  and even when minimized it will show the Core temp in the system tray (near the clock),  If you don't see it then Windows is hiding it.  Click on the up arrow to the left of the icons near the clock and  Customize.  Find Speedfan and change it to Show Icons and Notifications.  ) Leave it up and run something like a video or a scan or maybe sfc /scannow again and see if the temps climb into the 70s or higher.

 

 

Speed fan also has a neat hard drive quality section.  Click on S.M.A.R.T, use the dropdown arrow to select the drive and it will show you the stats on the drive and also analyse it for you.

 

[rajinikanths]

I've done everything. Let me share step by step.

 

Last night, after CompuFix is run and shared, I felt to retry Uninstalling AVG. I went to Control Panel and clicked AVG 2014 to uninstall. Last time when I did, it 

 

reacted nothing. But this time little further luck. It opened a dialog stating it is going to change/uninstall feature and immediately closed. I retried, but back to 

 

earlier issue. Clicked AVG 2014 to uninstall but no reaction. Something must have triggered it to suppress.

 

Now, I moved on to your next list of items.

 

Daemon Tools - This was installed back in June, I think. However, as you recommended I uninstalled it.

 

Disk Checck Utility - I choose recommended options. It suggested to restart but I didn't.

Then, I cleared event log - both - system and application.

Restarted and choose Safe with Networking. It ran for a long time so I left. When I'm back it was in Windows Desktop Screen.

 

I restarted and came to normal windows.

From CMD prompt, ran sfc command.

It completed successfully without errors. Please see screenshot attached.

 

Event Viewer Tool by Vino Rosso - ran both options. Both logs are attached.

 

Speed Fan: I've downloaded and installed with Run as Admin option. It shows GPU 44 and Core 39C by default. I ran SFC and it stayed there.

 

I want to share an update about abrupt system shutdown - My CPU usually shutsdown when I have it running for mutliple days. Usually when I put a fan facing right into 

 

the CPU box, it sustains longer. And, when I play powerful games, it shutsdown sooner. So I've kept CPU Processor Utilization in Power Manager to 98% and not 100%. 

 

This my history of Shutdown events and what I have been doing. Please recommend as you may prefer, now or later.

 

Thanks again.

Attached Thumbnails

• 

Attached Files

•  VEW_ranWithSystemONLY.txt   5.43KB   625 downloads
•  VEW_ranWithApplicationONLY.txt   7.58KB   599 downloads

[RKinner]

Appears you may be running low on hard drive Space on C:  Can you free up a few gigs?

 

Can you get the Windows Readiness Tool to run?

 

https://www.microsof...s.aspx?id=20858

 

We are seeing a problem with Windows Updates - sometimes that will help.  Also in the Search box type:

 

services.msc and hit Enter.  It should open the Services window.  Scroll down to the bottom where it says Windows Update and double click on it.  It should normally be set to Automatic (Delayed Start) and it should be Started.  If it  isn't Started try Starting it.  What error do you get?

[rajinikanths]

Let me now do that. Thanks. By the way my chrome is still crashing.

[RKinner]

See if you can edit the preference file to disable all extensions in chrome:

 

http://superuser.com...bled-turned-off (where it has the green check)

[rajinikanths]

From your earlier advise, I've freed up around 64Gigs space.

I got the Windows Readiness Tool Installed and ran. It recommended a hotfix for Windows 7 and I allowed it to install. See screenshot attached.

Then in Services Console, I noticed Windows Update's status is 'Started'.

 

I'll try the chrome advise and update you shortly.

Attached Thumbnails

• 

[rajinikanths]

Regarding Chrome: I tried running with option --disable-extensions and it didnt' help.

Next I tried to look for preferences file but i don't see it there.                                                            

[RKinner]

OK.  I think it may be in Secure preferences now but let's do it a different way:  First tell Windows to let you see hidden Files:

 

Open the Control Panel menu and click Folder Options.

    After the new window appears select the View tab.

    Put a checkmark in the checkbox labeled Display the contents of system folders.

    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

    Remove the checkmark from the checkbox labeled Hide protected operating system files.

    Press the Apply button and then the OK button

 

Make sure Chrome is not running in the background.  Right click on the clock and Start Task Manager.  Then Processes.  If you see Chrome.exe or Chrome32.exe  click on each and End Process.

 

Press Windows Key + R then paste in the box the code below then click OK.

%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data

Then right click on the Default folder and Cut.  Move to your desktop and Paste.  

 

Uninstall Chrome

 

Download a new copy from https://www.google.c...rowser/desktop/ and install it.  Does the new copy work?  

 

Let's see if things look better in VEW.

 

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

 

Reboot. 

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.

 

 (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)

 

Right click on Speedfan & Run As Admin if it's not running.  then once it settles down, click on the S.M.A.R.T. tab and then on the Down Arrow to the right of Hard Drive.  Select your hard drive.  Click on Perform an In Depth Analysis of this Hard Drive.  A new web page will open.  Right click on the word this at the end of where it says:  "The link to get back and see a new report about this hard disk in the future is this." (It's near the bottom of the page)  Copy Link Location.  Move to a reply and Ctrl + v to paste it into the reply.  That way I can see what your hard drive looks like now.