
All my documents and pictures hidden, applications are not opening...


  • This topic is locked
38 replies to this topic

#1 nandikonda


Posted 24 January 2014 - 03:01 AM

Hi,
I know my system is infected with a virus or adware or spyware.
ISSUES:
All of a sudden my desktop changed and all files and documents were missing. When I try to open any application I get an error that it can't open due to a security issue and asking me to contact the system admin, but I am the admin and I have all admin rights.
 
 
I have gone through this forum and tried all the means (installed Malwarebytes, adware cleaner, spyware removal), making attributes unhidden, and all other means.
 
Solved:
 
I manually changed the Registry entries to open all exe files; now all applications are opening and working. This got resolved.
 
Still Need Help:
I am still having the other issues. I tried unhide.exe but unhide.exe is not working on my system. All my documents and pictures are grayed and shaded.
If I save any file I am still not able to see it on my desktop, but if I save it in another location I am able to see it.
 
here I followed following links:
 
 
and other topics also followed.
 
I also tried to boot from USB by following

but my system is not able to recognize the USB and is not loading.

I have observed that my user profile is also hidden and a new Temp profile is created, and whenever I log in it is going to that Temp profile.
I tried to use System Restore but it didn't complete and told me to disable my AVG antivirus program and then try again, but I didn't try as I am scared I may lose my data (pics and docs).
I will try that but I don't think this will help? Do you think it will help?
 
Please help me 
 
Thanks,
Suman



 


#2 HelpBot


Posted 29 January 2014 - 03:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521912 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nandikonda


Posted 30 January 2014 - 02:24 AM

Hi,

Thanks for the auto reply. I still need your help.

I have tried to provide the DDS log but I am not able to generate it.

** I have disabled AVG2014 and the network before running the dds program

1) I tried to download to the desktop and as usual it doesn't appear, so I downloaded to another folder in C:\ and tried to run the program from there. It opened up a pop-up box and asking to but it didn't create the log file. Please find attached images.

2) I copied the dds program to the desktop after downloading it to C:\ and tried to run it, and it is giving the error in the attached screenshot.

I also tried the same steps above in safe mode too but the same errors are coming.

My operating system is Windows 7 Service Pack 1 64 bit OS

Please help me.

Attached Files



#4 Oh My!


Posted 05 February 2014 - 10:00 AM

Greetings nandikonda and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 10 February 2014 - 04:35 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.


Gary
 

#6 nandikonda


Posted 11 February 2014 - 02:00 AM

Hi Gary,

Thanks for your reply and assurance; that itself gave full strength to fight with this malware/virus.

I was out of town and didn't check my mails. I will work with your action plan and will post the results today.

Please wait for my next reply.

Thanks again for your help.

Suman



#7 Oh My!


Posted 11 February 2014 - 09:03 AM

Thanks for touching base. Glad we will be getting started. :)
Gary
 

#8 nandikonda


Posted 11 February 2014 - 10:12 AM

FRST Log

=======================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Suman (administrator) on SUMAN-THINK on 11-02-2014 20:39:36
Running from C:\Cornoa
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
(Oracle Corporation) C:\app\Suman\product\11.2.0\dbhome_1\bin\omtsreco.exe
(Oracle Corporation) C:\app\Suman\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Oracle Corporation) c:\app\suman\product\11.2.0\dbhome_1\bin\ORACLE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrrealtime.p5x
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-01-15] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-21] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [googletalk] - C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-02] (Google)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-02-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-07] (SUPERAntiSpyware)
HKU\S-1-5-21-3454752886-3887636803-577429812-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-07] (SUPERAntiSpyware)
HKU\S-1-5-21-3454752886-3887636803-577429812-1000\...\MountPoints2: {8099aa50-3eaf-11e0-b385-806e6f6e6963} - Q:\LenovoQDrive.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF26D745A9A19CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {60411D03-4585-42A2-8DA2-6F3BF3F92C07} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://emeetings.webex.com/client/T27L10NSP32_CP7-14688-GE/webex/ieatgpc1.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 123.176.37.37 123.176.37.35 202.53.8.8
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-19] (CrypKey (Canada) Ltd.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 NitroReaderDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [341296 2011-01-14] (Nitro PDF Software)
S2 OracleDBConsoleorcl; C:\app\Suman\product\11.2.0\dbhome_1\bin\nmesrvc.exe [49152 2010-03-02] (Oracle Corporation)
S4 OracleJobSchedulerORCL; c:\app\suman\product\11.2.0\dbhome_1\Bin\extjob.exe [49152 2010-04-02] ()
R2 OracleMTSRecoveryService; C:\app\Suman\product\11.2.0\dbhome_1\bin\omtsreco.exe [69632 2010-04-01] (Oracle Corporation)
S3 OracleOraDb11g_home1ClrAgent; C:\app\Suman\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [38400 2010-02-28] (Oracle Corporation)
R2 OracleServiceORCL; c:\app\suman\product\11.2.0\dbhome_1\bin\ORACLE.EXE [106487808 2010-04-02] (Oracle Corporation)
S3 OracleVssWriterORCL; c:\app\suman\product\11.2.0\dbhome_1\bin\OraVSSW.exe [159744 2010-04-02] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 UDisk Monitor; C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [405504 2010-11-08] ()
S2 McAfee SiteAdvisor Enterprise Service; "C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe" [X]
R2 OracleOraDb11g_home1TNSListener; C:\app\Suman\product\11.2.0\dbhome_1\BIN\TNSLSNR  [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [223744 2012-10-20] (Huawei Technologies Co., Ltd.)
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-19] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-25] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-30] ()
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-11 20:38 - 2014-02-11 20:39 - 00000000 ____D () C:\FRST
2014-02-11 20:14 - 2014-02-11 20:15 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_11_20_14_58.dmp
2014-02-11 20:08 - 2014-02-11 20:14 - 00000112 _____ () C:\Windows\setupact.log
2014-02-11 20:08 - 2014-02-11 20:08 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_11_20_8_35.dmp
2014-02-11 20:08 - 2014-02-11 20:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-11 20:07 - 2014-02-11 20:14 - 00000324 _____ () C:\Windows\errord.log
2014-02-11 01:56 - 2014-02-11 20:15 - 00001016 _____ () C:\Windows\error.log
2014-02-11 00:07 - 2014-02-11 00:07 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_11_0_7_18.dmp
2014-02-06 20:50 - 2014-02-06 20:50 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_6_20_50_36.dmp
2014-02-06 11:09 - 2014-02-06 11:09 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_6_11_9_0.dmp
2014-02-06 00:10 - 2014-02-06 00:10 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_6_0_10_20.dmp
2014-02-05 11:41 - 2014-02-05 11:41 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_5_11_41_12.dmp
2014-02-05 00:50 - 2014-02-05 00:50 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_5_0_50_43.dmp
2014-02-02 17:42 - 2014-02-02 17:42 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_2_17_42_23.dmp
2014-02-02 01:03 - 2014-02-02 01:03 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_2_1_3_40.dmp
2014-01-31 12:10 - 2014-01-31 12:10 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_31_12_10_54.dmp
2014-01-30 22:13 - 2014-01-30 22:13 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_22_13_47.dmp
2014-01-30 13:21 - 2014-01-30 13:21 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_13_21_15.dmp
2014-01-30 12:39 - 2014-01-30 12:39 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_12_39_9.dmp
2014-01-30 12:28 - 2014-01-30 12:28 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_12_28_22.dmp
2014-01-30 12:23 - 2014-01-30 12:16 - 00688992 ____R (Swearware) C:\Windows\system32\config\systemprofile\Desktop\dds.com
2014-01-30 11:29 - 2014-01-30 11:29 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_11_29_41.dmp
2014-01-30 00:37 - 2014-01-30 00:37 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_0_37_20.dmp
2014-01-29 11:27 - 2014-01-29 11:27 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_29_11_27_15.dmp
2014-01-28 21:03 - 2014-01-28 21:03 - 00021340 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_28_21_3_15.dmp
2014-01-28 11:47 - 2014-01-28 11:47 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_28_11_47_47.dmp
2014-01-27 22:43 - 2014-01-27 22:43 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_27_22_43_3.dmp
2014-01-26 17:21 - 2014-01-26 17:21 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_26_17_21_12.dmp
2014-01-25 11:43 - 2014-01-25 11:43 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_25_11_43_47.dmp
2014-01-24 13:12 - 2014-01-24 13:12 - 00000030 _____ () C:\Windows\SysWOW64\MSO2057.acl
2014-01-24 12:34 - 2014-01-24 12:34 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_24_12_34_0.dmp
2014-01-24 11:03 - 2014-01-24 11:03 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_24_11_3_21.dmp
2014-01-24 00:58 - 2014-01-24 00:58 - 00000000 ____D () C:\PCDr
2014-01-24 00:42 - 2014-01-24 00:42 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_24_0_42_11.dmp
2014-01-23 00:52 - 2014-01-23 00:52 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_23_0_52_5.dmp
2014-01-23 00:21 - 2014-01-23 00:21 - 00021290 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_23_0_21_6.dmp
2014-01-22 11:30 - 2014-02-07 01:48 - 00008192 _____ () C:\Windows\system32\SAS_CURRENTUSER.DB3
2014-01-22 11:30 - 2014-01-22 11:30 - 00000000 ____D () C:\Windows\system32\Quarantine
2014-01-22 11:30 - 2014-01-22 11:30 - 00000000 _____ () C:\DEL1802.tmp
2014-01-22 11:27 - 2014-01-22 11:27 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_22_11_27_19.dmp
2014-01-22 11:23 - 2014-01-22 11:23 - 00000000 ____D () C:\Windows\system32\config\systemprofile\Downloads\Quarantine
2014-01-22 11:22 - 2014-01-23 00:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-22 11:22 - 2014-01-22 11:23 - 00008192 _____ () C:\Windows\system32\config\systemprofile\Downloads\SAS_CURRENTUSER.DB3
2014-01-22 11:22 - 2014-01-22 11:22 - 00000000 _____ () C:\DELC7F0.tmp
2014-01-22 11:17 - 2014-01-22 11:24 - 00000000 ____D () C:\AdwCleaner
2014-01-22 11:11 - 2014-01-22 11:11 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_22_11_11_0.dmp
2014-01-22 00:50 - 2014-01-22 00:50 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_22_0_50_21.dmp
2014-01-20 23:51 - 2014-01-20 23:51 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_20_23_51_25.dmp
2014-01-18 00:18 - 2014-01-18 00:18 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_18_0_18_3.dmp
2014-01-18 00:12 - 2014-01-18 00:12 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_18_0_12_41.dmp
2014-01-17 22:46 - 2014-01-17 22:46 - 00000054 _____ () C:\Windows\SysWOW64\filevault.cfg
2014-01-17 21:04 - 2013-11-27 07:11 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-17 21:04 - 2013-11-27 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-17 21:04 - 2013-11-27 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-17 21:04 - 2013-11-27 07:11 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-17 21:04 - 2013-11-27 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-17 21:04 - 2013-11-27 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-17 21:04 - 2013-11-27 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-17 21:04 - 2013-11-26 17:10 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-17 21:04 - 2013-11-26 16:02 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-17 20:52 - 2014-01-17 20:52 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_17_20_52_13.dmp
2014-01-13 11:07 - 2014-01-13 11:07 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_13_11_7_8.dmp
2014-01-13 09:12 - 2014-01-13 09:12 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_13_9_12_12.dmp
2014-01-13 01:24 - 2014-01-13 01:24 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_13_1_24_9.dmp
2014-01-13 00:38 - 2014-01-13 00:38 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_13_0_38_51.dmp
2014-01-12 21:28 - 2014-02-11 20:36 - 01166119 _____ () C:\Windows\WindowsUpdate.log
2014-01-12 21:20 - 2014-01-12 21:21 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_12_21_20_57.dmp
2014-01-12 19:56 - 2014-01-23 00:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-12 19:48 - 2014-01-30 12:50 - 00000000 ____D () C:\Windows\system32\config\systemprofile\Desktop\New folder
2014-01-12 19:35 - 2014-01-12 19:35 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_12_19_35_33.dmp
2014-01-12 19:24 - 2014-01-12 19:24 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_12_19_24_36.dmp
 
==================== One Month Modified Files and Folders =======
 
2014-02-11 20:39 - 2014-02-11 20:38 - 00000000 ____D () C:\FRST
2014-02-11 20:39 - 2013-09-20 08:13 - 00000000 ____D () C:\Cornoa
2014-02-11 20:38 - 2011-05-17 00:47 - 00003498 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-02-11 20:38 - 2011-05-17 00:47 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-02-11 20:38 - 2011-05-17 00:47 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-02-11 20:37 - 2013-11-14 00:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 20:36 - 2014-01-12 21:28 - 01166119 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 20:24 - 2009-07-14 10:15 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 20:24 - 2009-07-14 10:15 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 20:16 - 2013-02-24 21:19 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 20:15 - 2014-02-11 20:14 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_11_20_14_58.dmp
2014-02-11 20:15 - 2014-02-11 01:56 - 00001016 _____ () C:\Windows\error.log
2014-02-11 20:15 - 2009-07-14 08:04 - 00000498 _____ () C:\Windows\win.ini
2014-02-11 20:14 - 2014-02-11 20:08 - 00000112 _____ () C:\Windows\setupact.log
2014-02-11 20:14 - 2014-02-11 20:07 - 00000324 _____ () C:\Windows\errord.log
2014-02-11 20:14 - 2013-02-24 21:19 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 20:14 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 20:08 - 2014-02-11 20:08 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_11_20_8_35.dmp
2014-02-11 20:08 - 2014-02-11 20:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-11 00:07 - 2014-02-11 00:07 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_11_0_7_18.dmp
2014-02-07 01:48 - 2014-01-22 11:30 - 00008192 _____ () C:\Windows\system32\SAS_CURRENTUSER.DB3
2014-02-07 01:00 - 2013-07-09 10:51 - 00005538 _____ () C:\Windows\SysWOW64\userawacs.cfg
2014-02-06 20:56 - 2013-07-09 10:51 - 00001162 _____ () C:\Windows\SysWOW64\usergui.cfg
2014-02-06 20:50 - 2014-02-06 20:50 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_6_20_50_36.dmp
2014-02-06 11:09 - 2014-02-06 11:09 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_6_11_9_0.dmp
2014-02-06 00:10 - 2014-02-06 00:10 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_6_0_10_20.dmp
2014-02-05 12:37 - 2013-11-14 00:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 12:37 - 2013-06-23 00:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 12:37 - 2011-05-17 09:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 11:41 - 2014-02-05 11:41 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_5_11_41_12.dmp
2014-02-05 01:15 - 2011-12-03 19:35 - 00122624 _____ () C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-05 00:50 - 2014-02-05 00:50 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_5_0_50_43.dmp
2014-02-05 00:50 - 2009-07-14 10:15 - 00437600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-02 18:16 - 2013-05-04 20:58 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-02-02 18:16 - 2013-05-04 20:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-02-02 18:15 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\registration
2014-02-02 18:14 - 2011-02-23 00:03 - 00000000 ____D () C:\swshare
2014-02-02 17:42 - 2014-02-02 17:42 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_2_17_42_23.dmp
2014-02-02 17:42 - 2011-05-17 00:47 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-02-02 01:26 - 2011-05-17 00:47 - 00004236 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-02-02 01:03 - 2014-02-02 01:03 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_2_2_1_3_40.dmp
2014-01-31 12:10 - 2014-01-31 12:10 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_31_12_10_54.dmp
2014-01-30 22:13 - 2014-01-30 22:13 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_22_13_47.dmp
2014-01-30 13:21 - 2014-01-30 13:21 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_13_21_15.dmp
2014-01-30 12:53 - 2013-09-19 13:07 - 00000000 ____D () C:\Ledia
2014-01-30 12:50 - 2014-01-12 19:48 - 00000000 ____D () C:\Windows\system32\config\systemprofile\Desktop\New folder
2014-01-30 12:39 - 2014-01-30 12:39 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_12_39_9.dmp
2014-01-30 12:28 - 2014-01-30 12:28 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_12_28_22.dmp
2014-01-30 12:16 - 2014-01-30 12:23 - 00688992 ____R (Swearware) C:\Windows\system32\config\systemprofile\Desktop\dds.com
2014-01-30 11:29 - 2014-01-30 11:29 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_11_29_41.dmp
2014-01-30 00:37 - 2014-01-30 00:37 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_30_0_37_20.dmp
2014-01-29 13:00 - 2009-07-24 21:59 - 21118976 _____ () C:\Windows\system32\config\RegBack\SYSTEM
2014-01-29 13:00 - 2009-07-24 21:59 - 01368064 _____ () C:\Windows\system32\config\RegBack\DEFAULT
2014-01-29 13:00 - 2009-07-24 21:59 - 00065536 _____ () C:\Windows\system32\config\RegBack\SAM
2014-01-29 12:59 - 2009-07-24 21:59 - 87703552 _____ () C:\Windows\system32\config\RegBack\SOFTWARE
2014-01-29 12:58 - 2009-07-24 21:59 - 00028672 _____ () C:\Windows\system32\config\RegBack\SECURITY
2014-01-29 11:27 - 2014-01-29 11:27 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_29_11_27_15.dmp
2014-01-28 21:03 - 2014-01-28 21:03 - 00021340 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_28_21_3_15.dmp
2014-01-28 11:47 - 2014-01-28 11:47 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_28_11_47_47.dmp
2014-01-27 22:43 - 2014-01-27 22:43 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_27_22_43_3.dmp
2014-01-26 17:21 - 2014-01-26 17:21 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_26_17_21_12.dmp
2014-01-25 11:43 - 2014-01-25 11:43 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_25_11_43_47.dmp
2014-01-24 13:12 - 2014-01-24 13:12 - 00000030 _____ () C:\Windows\SysWOW64\MSO2057.acl
2014-01-24 12:34 - 2014-01-24 12:34 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_24_12_34_0.dmp
2014-01-24 11:03 - 2014-01-24 11:03 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_24_11_3_21.dmp
2014-01-24 00:58 - 2014-01-24 00:58 - 00000000 ____D () C:\PCDr
2014-01-24 00:42 - 2014-01-24 00:42 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_24_0_42_11.dmp
2014-01-23 00:52 - 2014-01-23 00:52 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_23_0_52_5.dmp
2014-01-23 00:50 - 2014-01-22 11:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-23 00:50 - 2014-01-12 19:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-23 00:50 - 2013-07-04 23:42 - 00000000 ____D () C:\Windows\SysWOW64\cache
2014-01-23 00:50 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-23 00:50 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\servicing
2014-01-23 00:21 - 2014-01-23 00:21 - 00021290 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_23_0_21_6.dmp
2014-01-22 11:30 - 2014-01-22 11:30 - 00000000 ____D () C:\Windows\system32\Quarantine
2014-01-22 11:30 - 2014-01-22 11:30 - 00000000 _____ () C:\DEL1802.tmp
2014-01-22 11:27 - 2014-01-22 11:27 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_22_11_27_19.dmp
2014-01-22 11:24 - 2014-01-22 11:17 - 00000000 ____D () C:\AdwCleaner
2014-01-22 11:23 - 2014-01-22 11:23 - 00000000 ____D () C:\Windows\system32\config\systemprofile\Downloads\Quarantine
2014-01-22 11:23 - 2014-01-22 11:22 - 00008192 _____ () C:\Windows\system32\config\systemprofile\Downloads\SAS_CURRENTUSER.DB3
2014-01-22 11:22 - 2014-01-22 11:22 - 00000000 _____ () C:\DELC7F0.tmp
2014-01-22 11:11 - 2014-01-22 11:11 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_22_11_11_0.dmp
2014-01-22 00:50 - 2014-01-22 00:50 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_22_0_50_21.dmp
2014-01-20 23:51 - 2014-01-20 23:51 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_20_23_51_25.dmp
2014-01-18 00:18 - 2014-01-18 00:18 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_18_0_18_3.dmp
2014-01-18 00:12 - 2014-01-18 00:12 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_18_0_12_41.dmp
2014-01-17 22:50 - 2013-08-16 11:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 22:46 - 2014-01-17 22:46 - 00000054 _____ () C:\Windows\SysWOW64\filevault.cfg
2014-01-17 20:52 - 2014-01-17 20:52 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_17_20_52_13.dmp
2014-01-13 11:07 - 2014-01-13 11:07 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_13_11_7_8.dmp
2014-01-13 09:12 - 2014-01-13 09:12 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_13_9_12_12.dmp
2014-01-13 01:24 - 2014-01-13 01:24 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_13_1_24_9.dmp
2014-01-13 00:38 - 2014-01-13 00:38 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_13_0_38_51.dmp
2014-01-12 21:21 - 2014-01-12 21:20 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_12_21_20_57.dmp
2014-01-12 19:57 - 2009-07-24 22:59 - 00000000 ____D () C:\Windows\Panther
2014-01-12 19:56 - 2011-08-25 10:34 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Local\CrashDumps
2014-01-12 19:35 - 2014-01-12 19:35 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_12_19_35_33.dmp
2014-01-12 19:24 - 2014-01-12 19:24 - 00021242 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_1_12_19_24_36.dmp
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-29 12:59
 
==================== End Of Log ============================


#9 nandikonda


Posted 11 February 2014 - 10:14 AM

Addition Log

===============

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by Suman at 2014-02-11 20:40:44
Running from C:\Cornoa
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (Version: 1.00 - )
 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
Access Help (x32 Version: 3.00 - Lenovo)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
airtel (x32 Version: 21.005.22.03.284 - Huawei Technologies Co.,Ltd)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.3697 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BisonCam Twain Pro (x32 Version: 1.5.4.5 - Bison WebCam Ap)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (Version: 4.09 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (x32 Version:  - Cisco WebEx LLC)
Corel Burn.Now Lenovo Edition (x32 Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (x32 Version: 7.0.0 - Corel Corporation)
Create Recovery Media (x32 Version: 1.20.0.00 - Lenovo Group Limited)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0 - Business Objects) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (x32 Version: 6.02.0001 - Microsoft Corporation)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
DivX Setup (x32 Version: 2.6.1.8 - DivX, LLC)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Talk (remove only) (x32 Version:  - )
Google Talk Plugin (x32 Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
iCloud (Version: 3.0.2.163 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.0.1.7 (x32 Version: 1.0.1.7 - RICOH)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.3 - Intel)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
iTunes (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 3 (64-bit) (Version: 7.0.30 - Oracle)
Java™ SE Development Kit 7 Update 3 (64-bit) (Version: 1.7.0.30 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (Version: 1.00 - )
Lenovo System Interface Driver (Version: 1.02 - )
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Warranty Information (x32 Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (x32 Version:  - Lenovo)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MBlaze UI (Version:  - )
McAfee SiteAdvisor Enterprise Plus (x32 Version: 3.0.0.539 - McAfee, Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (x32 Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (x32 Version: 3.6.0034 - Lenovo)
Mozilla Firefox 13.0.1 (x86 en-US) (x32 Version: 13.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 13.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nitro PDF Reader (Version: 1.4.0.11 - Nitro PDF Software)
Nokia Connectivity Cable Driver (Version: 7.1.32.69 - )
On Screen Display (Version: 6.10.00 - )
Picasa 3 (x32 Version: 3.8 - Google, Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5 - Nitro PDF Software)
QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version:  - RealNetworks)
Realtek Ethernet Controller Driver For Windows Vista and Later (x32 Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00 - )
Skype™ 6.6 (x32 Version: 6.6.106 - Skype Technologies S.A.)
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
System Update (x32 Version: 4.00.0032 - Lenovo)
TeamViewer 7 (x32 Version: 7.0.14484 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.1400 - Broadcom Corporation)
ThinkPad Power Management Driver (Version: 1.60.0.4 - )
ThinkPad Power Manager (x32 Version: 3.30 - )
ThinkPad UltraNav Driver (Version: 15.0.18.0 - )
ThinkPad Wireless LAN Adapter Software (x32 Version: 1.00.0024.0 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (Version: 1.74 - Lenovo)
ThinkVantage Communications Utility (Version: 1.41 - Lenovo)
Turbo Lister 2 (x32 Version: 2.00.0000 - eBay Inc.)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Intel hdc  (06/04/2009 7.0.0.1013) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-bit) (Version: 4.01.0 - win.rar GmbH)
Yahoo! Messenger (x32 Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
17-01-2014 17:17:14 Windows Update
20-01-2014 18:31:56 Windows Backup
22-01-2014 19:14:17 Restore Operation
26-01-2014 13:30:33 Windows Backup
02-02-2014 13:30:26 Windows Backup
10-02-2014 18:47:53 Windows Backup
 
==================== Hosts content: ==========================
 
2013-09-18 00:20 - 2013-09-18 00:53 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {17897542-F846-4556-9427-914406A4056F} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-25] (Lenovo Group Limited)
Task: {20C9EC51-0BEF-4087-9C4A-CCCDACDE1D05} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {35F95EDE-CD7D-48EB-92FB-67FFC56ED015} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {37FB34B3-BFD5-4312-8726-2F7E0E27FBEB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3454752886-3887636803-577429812-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {5832BAC7-A1F3-4541-9CBD-FBBAF680306F} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {64B9D24D-3C88-451A-A5EE-A9CA8FB368DC} - System32\Tasks\JavaUpdateSched => C:\Windows\SysWOW64\jusched.exe
Task: {7522098A-6533-4E60-96A7-328A48E92E32} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3454752886-3887636803-577429812-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {8BDB00FD-5107-4FA3-8F56-D676B35674F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {9A32807D-F151-423E-8CA6-B4EE1B4556F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {AB499DFF-9C17-4366-82DD-31AF2004F814} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3454752886-3887636803-577429812-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {BCF51083-55CF-4612-8943-953F319B33B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3454752886-3887636803-577429812-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {CBB8263A-E9B6-447D-908A-9A41F8AFC30C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D626CF36-DB65-4A22-9C13-283FA80F6CD3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {DDC7934C-8561-43BD-B1D2-A104ABC360AA} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-05-28 11:39 - 2009-05-28 11:39 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2011-04-01 03:36 - 2011-06-27 20:36 - 00502352 _____ () C:\Program Files\PC-Doctor\libAsapiCSharp.dll
2011-04-01 03:36 - 2011-06-27 20:36 - 00100944 _____ () C:\Program Files\PC-Doctor\libCSharpCommonCS.dll
2011-04-01 03:36 - 2011-06-27 20:36 - 00018512 _____ () C:\Program Files\PC-Doctor\libGapiCSharp.dll
2011-04-01 03:36 - 2011-06-27 20:36 - 00029264 _____ () C:\Program Files\PC-Doctor\libDataStoreCSharp.dll
2011-04-01 03:36 - 2011-06-27 20:36 - 00092752 _____ () C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll
2011-04-01 03:36 - 2011-06-27 20:36 - 00031824 _____ () C:\Program Files\PC-Doctor\pcdcsharpcommon.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/11/2014 08:16:32 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Suman-THINK)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (02/11/2014 08:16:32 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Suman-THINK)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (02/11/2014 08:16:32 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Suman-THINK)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (02/11/2014 08:15:26 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (02/11/2014 08:14:58 PM) (Source: OracleDBConsoleorcl) (User: )
Description: Service failed to launch process.
 
Error: (02/11/2014 08:14:58 PM) (Source: OracleDBConsoleorcl) (User: )
Description: Service failed to launch process.
 
Error: (02/11/2014 08:09:02 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (02/11/2014 08:08:35 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Suman-THINK)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system. 
 
 DETAIL - Access is denied.
 
Error: (02/11/2014 08:08:35 PM) (Source: OracleDBConsoleorcl) (User: )
Description: Service failed to launch process.
 
Error: (02/11/2014 08:08:35 PM) (Source: OracleDBConsoleorcl) (User: )
Description: Service failed to launch process.
 
 
System errors:
=============
Error: (02/11/2014 08:17:13 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (02/11/2014 08:14:58 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Enterprise Service service failed to start due to the following error: 
%%2
 
Error: (02/11/2014 08:10:46 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (02/11/2014 08:08:34 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Enterprise Service service failed to start due to the following error: 
%%2
 
Error: (02/11/2014 00:09:34 AM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (02/11/2014 00:07:18 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Enterprise Service service failed to start due to the following error: 
%%2
 
Error: (02/06/2014 08:52:52 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (02/06/2014 08:50:36 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Enterprise Service service failed to start due to the following error: 
%%2
 
Error: (02/06/2014 11:10:59 AM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (02/06/2014 11:09:00 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Enterprise Service service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 55%
Total physical RAM: 3892.55 MB
Available physical RAM: 1713.88 MB
Total Pagefile: 7783.28 MB
Available Pagefile: 4858.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:452.87 GB) (Free:267.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:0.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 839DC72F)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 nandikonda


Posted 11 February 2014 - 10:22 AM

Hi Gary,

 

I have posted the FRST and Addition logs. Please let me know if you need any additional information.

 

Thanks,

Suman



#11 Oh My!


Posted 11 February 2014 - 02:31 PM

Hi Suman,

Can you tell me what User Profile name you use?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 nandikonda


Posted 12 February 2014 - 01:10 AM

Hi Gary,

 

I am using the Suman profile. I basically have 2 accounts.

1) Suman (which has Admin privileges)

2) Rider (User privileges, no admin rights).

 

I am using Suman account.

 

Thanks,

Suman

 



#13 Oh My!


Posted 12 February 2014 - 09:57 AM

Hi Suman,

Thank you for that information.

It appears you may have a corrupted User Profile. Please follow the below steps so we can determine if that is the source of your problems.

===================================================

Creating a New User Profile Windows 7/Vista

--------------
  • Click Start, Control Panel, then User Accounts
  • Click Manage Another Account
  • Type a new account name you want to use then click Next
  • Select Computer administrator then click Create Account
  • Reboot your computer and log into the newly created user account to actually create the account
  • Click Start, Control Panel, then User Accounts
  • Click Manage Another Account
  • Type Temp then click Next
  • Select Computer administrator then click Create Account
  • Close the User Accounts window
  • Reboot your computer and log in as Temp
  • Click Start, Control Panel, then Folder Options
  • Click View, place a checkmark next to Show hidden files and folders, and uncheck Hide protected operating system files
  • Click OK
  • Using Windows Explorer navigate to C:\Users\Suman
  • Holding down the Ctrl key, left click each entry in the folder EXCEPT for the following, if they exist:

Ntuser.dat
Ntuser.dat.log
Ntuser.ini

  • Right click and select Copy
  • Left click on the new user account name you created (not Temp)
  • Right click on the screen to the right and select Paste
  • Close any open windows, reboot your computer, and log in to the new user name
  • Check to see if your computer is working properly
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Is your computer behaving normally now?

Gary
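The FRST Addition log posted earlier in this thread records repeated User Profiles Service errors, the kind of evidence that points to a corrupted profile. As an added example (not part of the original thread and not FRST's own code), this Python script parses that "Event log errors" layout and counts profile load failures per user; the names `parse_events`, `profile_load_failures` and `SAMPLE_LOG` are hypothetical, and the sample is constructed from the layout quoted above.

```python
import re
from collections import Counter

# Constructed sample in the FRST "Event log errors" layout quoted in this thread.
SAMPLE_LOG = """\
Application errors:
==================
Error: (02/11/2014 08:16:32 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Suman-THINK)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.

Error: (02/11/2014 08:15:26 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (02/11/2014 08:08:35 PM) (Source: Microsoft-Windows-User Profiles Service) (User: Suman-THINK)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

 DETAIL - Access is denied.
"""

# Header of one entry: timestamp, source, user. A body line that merely starts
# with "Error:" (as in the CVHSVC entry) does not match and stays in the body.
HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(User: (?P<user>[^)]*)\)\s*$")

def parse_events(text):
    """Split the log into entries; body lines attach to the preceding header."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "body": []})
        elif events and line.strip():
            events[-1]["body"].append(line.strip())
    return events

def profile_load_failures(events):
    """Count default-profile logons per user and collect the DETAIL reasons."""
    hits, reasons = Counter(), set()
    for ev in events:
        body = " ".join(ev["body"])
        if ev["source"].endswith("User Profiles Service") and "cannot load the user's profile" in body:
            hits[ev["user"].strip() or "(unknown)"] += 1
            reasons.update(re.findall(r"DETAIL - ([^.]+)\.", body))
    return hits, reasons

if __name__ == "__main__":
    counts, why = profile_load_failures(parse_events(SAMPLE_LOG))
    print(dict(counts), sorted(why))
```
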
 

#14 nandikonda


Posted 12 February 2014 - 01:08 PM

Hi Gary,

 

Thanks for your help.

So from now onwards I have to use the newly created user (non-temp) profile SKReddy, right?

I am able to see my pics and documents not in hidden mode  :guitar: (C:\Users\Suman\Documents) from SKReddy Profile.

 

I am seeing my exe files as %1% (I remember I modified the registry keys and changed them to %1% before taking your help, by following another forum), so is this going to be any problem?

 

I am attaching the screenshot.

 

Thanks,

Suman




#15 Oh My!


Posted 12 February 2014 - 01:24 PM

Hi Suman,

Yes, that is the User Profile you will need to use now. As I suspected, your other User Profile was corrupted.

That .exe setting is correct.
 

I am able to see my pics and documents not in hidden mode :guitar: (C:\Users\Suman\Documents) from SKReddy Profile.

You should be able to see those items directly from the new profile without having to access the Suman profile. Can you check that to make sure?

Are you experiencing any issues now?


Edited by Oh My, 12 February 2014 - 01:28 PM.

Gary
 