
Russian pop-up virus along with text enhancements etc.


  • This topic is locked
7 replies to this topic

#1 BRK1


  • Members
  • 29 posts

Posted 06 December 2014 - 02:50 AM

Hi
I seem to be infected: Russian pop-ups and redirects to aviasales.ru and porn sites, and words like "people" and "mmo" linked to porn sites.
I tried System Restore, Malwarebytes, AdwCleaner and CCleaner, and the thing also downloaded something called v4.4.ru, an APK file, to my mobile. Please help. I run Windows 8.1.
 
I tried preparation guide steps 6, 7 and 8, that is, I tried DDS, but it said it can't run in compatibility mode.
RSIT log, RSIT info: uploaded below.
 

BTW, thanks guys for all the help.

Oh, and I had originally posted in the "Am I infected" thread, with the things I tried there; link to that thread: http://www.bleepingcomputer.com/forums/t/558631/russian-pop-up-virus/

Edit: added link to the older thread/post.



Hey again, I think the problem is with either my modem or my net connection, because I had just installed XP on my PC (the above problem was with my laptop), and when I installed Firefox it again had the same virus. So is there a way to disinfect maybe my net connection, or something? I don't want to try rebooting my D-Link modem, as I don't exactly remember my password, and if I reboot I will again have to call my ISP guy, as he doesn't exactly give out the configuration.

Attached Files

  • info.txt (22.32KB, 3 downloads)
  • log.txt (33.29KB, 4 downloads)

Edited by boopme, 06 December 2014 - 09:41 PM.



#2 nasdaq


  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 December 2014 - 10:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

Wait for further instructions.
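The post above asks for the FRST.txt that the Farbar Recovery Scan Tool produces. Reading a few hundred such lines by hand is tedious, so here is a small triage helper, added by the editor for this thread; it is not part of FRST and not code from any poster. It reads the FRST text line by line and lists the kinds of entries worth a second look: autostart entries with no publisher or living under AppData/ProgramData, removable-media AutoRun handlers, start pages and search scopes on hosts outside a small trusted set, "No File" orphans, unsigned or missing service and driver images, and resolvers outside a trusted set. The trusted host and resolver lists are assumptions to be tuned per machine (an ISP's resolvers will land in the review list until they are confirmed with the ISP), and the sample FRST text is constructed for the example, not the log posted in this thread. The output is a review list, not a verdict list: legitimate software shows up too, and nothing here should go into a fixlist unverified.

```python
"""Triage helper for an FRST.txt (Farbar Recovery Scan Tool) log.

Editor's added example for this thread; not part of FRST and not code from any
poster.  The heuristics are the editor's own and yield a review list, not
verdicts: legitimate software (e.g. a cloud-sync client under AppData) will
show up, and every hit has to be checked on the machine before it goes
anywhere near a fixlist.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumptions, not from the thread: hosts and resolvers treated as expected.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "g.jp.msn.com"}
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}  # add the ISP's resolvers once confirmed with the ISP
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    rule: str    # which heuristic fired
    detail: str  # what to look at
    line: str    # the FRST line, verbatim


# Line shapes as FRST prints them (see the log later in this thread for real examples).
RUN_RE = re.compile(r"^HK\S*\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")          # trailing "(Publisher)" or "()"
MOUNTPOINT_RE = re.compile(r'\\MountPoints2: .* - "(?P<path>[^"]+)"')
BROWSER_URL_RE = re.compile(r"(?:URL|Start Page) = (?P<url>\S+)")
NAMESERVER_RE = re.compile(r"\[(?:Dhcp)?NameServer\] (?P<ips>[\d. ]+)$")
SERVICE_RE = re.compile(r"^[RSU][0-4] (?P<name>[^;]+); (?P<rest>.*)$")  # services and drivers


def triage_line(line: str) -> list[Finding]:
    """Apply every heuristic to one FRST line; a line may yield several findings."""
    out: list[Finding] = []
    low = line.lower()

    if m := RUN_RE.match(line):
        pub = PUBLISHER_RE.search(m["rest"])
        if pub is not None and pub["pub"].strip() == "":
            out.append(Finding("autostart", f"{m['name']}: binary carries no publisher information", line))
        if any(seg in low for seg in USER_WRITABLE):
            out.append(Finding("autostart", f"{m['name']}: runs from a user-writable location", line))

    if m := MOUNTPOINT_RE.search(line):
        out.append(Finding("autorun", f"removable-media AutoRun handler -> {m['path']}", line))

    if m := BROWSER_URL_RE.search(line):
        host = urlparse(m["url"]).hostname or ""
        if host not in TRUSTED_SEARCH_HOSTS:
            out.append(Finding("browser", f"start page / search scope points at {host}", line))

    if line.rstrip().endswith("No File"):
        out.append(Finding("orphan", "registry entry points at a file that no longer exists", line))

    if m := NAMESERVER_RE.search(line):
        for ip in m["ips"].split():
            if ip not in TRUSTED_RESOLVERS:
                out.append(Finding("dns", f"resolver {ip} is not in the trusted set; confirm with the ISP", line))

    if m := SERVICE_RE.match(line):
        rest = m["rest"]
        if "[File not signed]" in rest:
            out.append(Finding("service", f"{m['name']}: image is not signed", line))
        if rest.rstrip().endswith("[X]"):
            out.append(Finding("service", f"{m['name']}: image file is missing", line))
        if any(seg in rest.lower() for seg in USER_WRITABLE):
            out.append(Finding("service", f"{m['name']}: image lives in a user-writable location", line))

    return out


def triage(frst_text: str) -> list[Finding]:
    return [f for line in frst_text.splitlines() for f in triage_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample in FRST.txt layout; not the log posted in this thread.
SAMPLE_FRST = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-12-08] (Synaptics Incorporated)
HKU\S-1-5-21-111\...\Run: [Updater] => C:\Users\USER\AppData\Roaming\upd\upd.exe [204800 2014-12-01] ()
HKU\S-1-5-21-111\...\MountPoints2: G - "G:\AutoRun.exe"
HKU\S-1-5-21-111\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example-hijack.test
SearchScopes: HKU\S-1-5-21-111 -> DefaultScope {00000000-0000-0000-0000-000000000001} URL = http://search.conduit.com/Results.aspx?q={searchTerms}
Toolbar: HKU\S-1-5-21-111 -> No Name - {00000000-0000-0000-0000-000000000002} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.0.2.53 8.8.8.8
R2 GoodSvc; C:\Program Files\Vendor\svc.exe [186056 2013-10-16] (Vendor Inc.)
R2 OddSvc; C:\ProgramData\oddsvc\oddsvc.exe [346976 2011-03-14] () [File not signed]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Run it against a saved FRST.txt by replacing SAMPLE_FRST with the file's contents; the regexes only cover the Registry, Internet, Services and Drivers sections, so the "One Month Created Files" section passes through untouched and still needs a human eye.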

#3 BRK1

  • Topic Starter

  • Members
  • 29 posts

Posted 10 December 2014 - 11:35 AM

Hey,

This is the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2014 01
Ran by RADHAKRISHNA (administrator) on BRK on 10-12-2014 22:00:36
Running from C:\Users\RADHAKRISHNA\Desktop
Loaded Profile: RADHAKRISHNA (Available profiles: RADHAKRISHNA)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-12-08] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-20] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\Run: [SkyDrive] => C:\Users\RADHAKRISHNA\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\Run: [GarenaPlus] => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-10-17] (Raptr, Inc)
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\MountPoints2: F - "F:\AutoRun.exe" 
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\MountPoints2: G - "G:\AutoRun.exe" 
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\MountPoints2: {03d264b9-48f6-11e3-bef4-001e101face8} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\MountPoints2: {22ed24a6-67a1-11e3-bf52-38eaa7f28f2b} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\MountPoints2: {bf7aa6df-29d4-11e3-be81-38eaa7f28f2b} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\MountPoints2: {cdc9cacd-3110-11e3-bea2-001e101f997a} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\MountPoints2: {ef03d0e4-9b77-11e3-8012-38eaa7f28f2b} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\...\MountPoints2: {f679cf9e-2b5e-11e3-be85-38eaa7f28f2b} - "F:\AutoRun.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/26
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/26
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.futurefist.com
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/26
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-154348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-154348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA39F2378-39AC-40C2-8EA0-7536C3407277&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA39F2378-39AC-40C2-8EA0-7536C3407277&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-154348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 94.249.192.104 8.8.8.8
Tcpip\..\Interfaces\{6F3D59A6-F529-4290-88BF-CD7D2E97CBFC}: [NameServer] 203.145.160.5 203.145.160.6
Tcpip\..\Interfaces\{C7599B0B-4C0F-425B-948D-855442DB79AD}: [NameServer] 203.145.160.5 203.145.160.6
Tcpip\..\Interfaces\{E987698D-37B1-447C-ABAE-F9E3472541C9}: [NameServer] 203.145.160.5 203.145.160.6
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3785010019-2192401253-1565588363-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\RADHAKRISHNA\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3785010019-2192401253-1565588363-1002: ubisoft.com/uplaypc -> C:\FILES\games\Assassins Creed III\UplayMedia\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
CHR Extension: (Google Docs) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
CHR Extension: (Google Drive) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
CHR Extension: (YouTube) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
CHR Extension: (Google Search) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
CHR Extension: (Google Sheets) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
CHR Profile: C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-29]
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Profile: C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-11]
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-11]
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-27] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-20] (IVT Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-13] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-13] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-16] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-20] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-03] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [254976 2012-10-13] (Jungo)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2012-10-13] (Xilinx, Inc.)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-10 22:00 - 2014-12-10 22:01 - 00021127 _____ () C:\Users\RADHAKRISHNA\Desktop\FRST.txt
2014-12-10 22:00 - 2014-12-10 22:01 - 00000000 ____D () C:\FRST
2014-12-10 21:58 - 2014-12-10 21:59 - 02119680 _____ (Farbar) C:\Users\RADHAKRISHNA\Desktop\FRST64.exe
2014-12-10 20:55 - 2014-12-10 20:55 - 00033550 _____ () C:\Users\RADHAKRISHNA\Downloads\Birdman (2014) 720p BrRip x264 YIFY.torrent
2014-12-09 22:25 - 2014-12-09 22:25 - 00020875 _____ () C:\Users\RADHAKRISHNA\Downloads\[kickass.so]firefly.complete.series.720p.mkv.compression.mkvgod.torrent
2014-12-06 12:37 - 2014-12-06 13:58 - 647823360 _____ () C:\Users\RADHAKRISHNA\Downloads\Windows_XP_Professional_SP3_Nov_2013_Incl_SATA_Drivers.iso
2014-12-06 12:36 - 2014-12-06 12:36 - 00000000 ____D () C:\rsit
2014-12-06 12:36 - 2014-12-06 12:36 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-12-06 12:33 - 2014-12-06 12:34 - 01107968 _____ () C:\Users\RADHAKRISHNA\Downloads\RSIT.exe
2014-12-05 22:23 - 2014-12-05 22:23 - 00000879 _____ () C:\Users\RADHAKRISHNA\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-12-05 21:43 - 2014-12-05 21:43 - 01682512 _____ (BitTorrent Inc.) C:\Users\RADHAKRISHNA\Downloads\uTorrent.exe
2014-12-05 21:24 - 2014-12-05 21:24 - 00244104 _____ () C:\Users\RADHAKRISHNA\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-05 21:19 - 2014-12-06 15:46 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-05 21:18 - 2014-12-05 21:19 - 00453048 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\RADHAKRISHNA\Downloads\rufus_v1.3.2.exe
2014-12-04 22:28 - 2014-12-04 22:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-04 21:37 - 2014-12-04 21:38 - 02347384 _____ (ESET) C:\Users\RADHAKRISHNA\Downloads\esetsmartinstaller_enu.exe
2014-12-04 17:25 - 2014-12-04 17:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\RADHAKRISHNA\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-04 16:15 - 2014-12-04 16:15 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-04 16:15 - 2014-12-04 16:15 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-04 12:09 - 2014-12-04 12:09 - 00000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-12-03 23:29 - 2014-12-04 06:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 21:55 - 2014-12-03 21:55 - 00000000 __SHD () C:\Users\RADHAKRISHNA\AppData\Local\EmieBrowserModeList
2014-12-03 19:44 - 2014-12-03 19:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-03 19:41 - 2014-12-10 17:49 - 00002076 _____ () C:\WINDOWS\PFRO.log
2014-12-03 19:34 - 2014-12-10 21:25 - 01451936 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-30 18:27 - 2014-11-30 18:28 - 05462528 _____ () C:\Users\RADHAKRISHNA\Downloads\lecture10 (2).ppt
2014-11-30 18:27 - 2014-11-30 18:28 - 00632832 _____ () C:\Users\RADHAKRISHNA\Downloads\petri.ppt
2014-11-30 18:27 - 2014-11-30 18:27 - 05462528 _____ () C:\Users\RADHAKRISHNA\Downloads\lecture10 (1).ppt
2014-11-30 10:41 - 2014-11-30 10:41 - 00450219 _____ () C:\Users\RADHAKRISHNA\Downloads\unit-five.pptx
2014-11-30 07:26 - 2014-11-30 07:26 - 05462528 _____ () C:\Users\RADHAKRISHNA\Downloads\lecture10.ppt
2014-11-28 22:34 - 2014-11-28 22:34 - 00332504 _____ () C:\Users\RADHAKRISHNA\Downloads\Hidden Markov model.pptx
2014-11-25 14:09 - 2014-11-25 14:10 - 04237824 _____ () C:\Users\RADHAKRISHNA\Downloads\Horn antennas.ppt
2014-11-24 18:31 - 2014-11-24 18:31 - 23760384 _____ () C:\Users\RADHAKRISHNA\Downloads\Antenna parameters upto CAT 1 (2).ppt
2014-11-23 19:52 - 2014-11-23 19:52 - 00002016 _____ () C:\Users\RADHAKRISHNA\AppData\Local\recently-used.xbel
2014-11-23 15:33 - 2014-11-23 15:33 - 00000708 _____ () C:\Users\RADHAKRISHNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\videos.lnk
2014-11-23 15:33 - 2014-11-23 15:33 - 00000701 _____ () C:\Users\RADHAKRISHNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\games.lnk
2014-11-22 10:50 - 2014-11-22 10:57 - 33730560 _____ () C:\Users\RADHAKRISHNA\Downloads\HEPTutorial_0.tar
2014-11-21 22:08 - 2014-11-21 22:19 - 00000000 ____D () C:\Users\RADHAKRISHNA\Documents\NFS Most Wanted
2014-11-21 19:30 - 2014-11-21 19:30 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Roaming\AMD
2014-11-21 13:43 - 2014-11-21 14:04 - 00000000 ____D () C:\Users\RADHAKRISHNA\Downloads\WinSetupFromUSB-1-1
2014-11-21 13:37 - 2014-11-21 13:40 - 22619852 _____ (Igor Pavlov) C:\Users\RADHAKRISHNA\Downloads\WinSetupFromUSB-1-1.exe
2014-11-21 12:59 - 2014-11-21 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyRecovery Professional
2014-11-21 12:59 - 2014-11-21 12:59 - 00000000 ____D () C:\Program Files (x86)\Ontrack
2014-11-21 10:17 - 2014-11-24 14:39 - 00004964 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BRK-RADHAKRISHNA BRK
2014-11-20 22:58 - 2014-11-20 23:02 - 01618440 _____ () C:\Users\RADHAKRISHNA\Downloads\EasyBCD2.2.exe
2014-11-20 19:49 - 2014-11-20 19:58 - 00000000 ____D () C:\Users\RADHAKRISHNA\Documents\Quick-PDF PDF to Word
2014-11-19 16:25 - 2014-11-19 16:25 - 01938944 _____ () C:\Users\RADHAKRISHNA\Downloads\Multiple Access Techniques_f.ppt
2014-11-19 10:13 - 2014-11-10 04:49 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 10:13 - 2014-11-10 04:49 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 10:13 - 2014-11-10 04:48 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 10:13 - 2014-11-10 04:48 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-18 20:47 - 2014-11-18 20:47 - 01691816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL
2014-11-16 17:50 - 2014-11-16 17:50 - 00361984 _____ () C:\Users\RADHAKRISHNA\Downloads\Basics of wave propagation (1).ppt
2014-11-16 13:24 - 2014-11-16 13:24 - 23760384 _____ () C:\Users\RADHAKRISHNA\Downloads\Antenna parameters upto CAT 1 (1).ppt
2014-11-15 23:09 - 2014-11-15 23:09 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-11-15 23:08 - 2014-11-23 15:38 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Roaming\.minecraft
2014-11-12 23:55 - 2014-11-12 23:55 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Local\4A Games
2014-11-12 22:06 - 2014-09-22 10:08 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-12 22:06 - 2014-09-22 08:36 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 22:06 - 2014-09-22 08:36 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 22:06 - 2014-09-22 08:19 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 22:06 - 2014-09-19 05:46 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-12 22:06 - 2014-09-03 03:38 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 22:06 - 2014-09-03 03:38 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 22:05 - 2014-10-13 08:03 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 22:05 - 2014-10-11 06:28 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 22:05 - 2014-10-11 06:23 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-12 22:05 - 2014-10-08 13:00 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 22:05 - 2014-10-08 12:39 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 22:05 - 2014-10-08 11:57 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 22:05 - 2014-10-08 11:02 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-12 22:05 - 2014-10-08 10:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-12 22:05 - 2014-09-27 12:43 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 22:05 - 2014-09-27 10:54 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-12 22:05 - 2014-09-27 09:08 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 22:05 - 2014-09-27 09:00 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 22:05 - 2014-09-27 08:47 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-12 21:59 - 2014-10-10 07:28 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 21:59 - 2014-10-10 07:28 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 21:59 - 2014-10-10 07:14 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 21:59 - 2014-10-08 13:07 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 21:59 - 2014-10-08 13:07 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 21:59 - 2014-10-08 13:04 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 21:59 - 2014-10-08 12:54 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 21:59 - 2014-10-08 12:26 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-12 21:59 - 2014-10-08 12:21 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-12 21:59 - 2014-10-08 12:21 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-12 21:59 - 2014-10-08 11:48 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-12 21:59 - 2014-10-08 11:47 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 21:59 - 2014-10-08 10:53 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 21:51 - 2014-10-31 10:58 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 21:51 - 2014-10-31 09:12 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 21:49 - 2014-10-31 10:36 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 21:49 - 2014-10-31 10:35 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 21:49 - 2014-10-31 10:23 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 21:49 - 2014-10-31 10:21 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 21:49 - 2014-10-31 10:20 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 21:49 - 2014-10-31 10:20 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 21:49 - 2014-10-31 10:08 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 21:49 - 2014-10-31 09:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 21:49 - 2014-10-31 09:35 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 21:49 - 2014-10-31 09:29 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 21:49 - 2014-10-31 09:15 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 21:49 - 2014-10-31 09:14 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 21:49 - 2014-10-31 09:02 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 21:49 - 2014-10-31 08:54 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 21:49 - 2014-10-31 08:48 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 21:49 - 2014-10-31 08:43 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 21:49 - 2014-10-31 08:42 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 21:49 - 2014-10-31 08:41 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 21:49 - 2014-10-31 08:16 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 21:49 - 2014-10-31 08:16 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 21:49 - 2014-10-31 08:10 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 21:49 - 2014-10-31 08:09 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 21:49 - 2014-10-31 08:00 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 21:49 - 2014-10-31 07:47 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 21:49 - 2014-10-31 07:43 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 21:49 - 2014-10-31 07:41 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 21:48 - 2014-10-31 10:42 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 21:48 - 2014-10-31 10:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 21:48 - 2014-10-31 10:40 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 21:48 - 2014-10-31 10:39 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 21:48 - 2014-10-31 10:38 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 21:48 - 2014-10-31 10:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 21:48 - 2014-10-31 10:36 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 21:48 - 2014-10-31 10:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 21:48 - 2014-10-31 10:35 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 21:48 - 2014-10-31 10:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 21:48 - 2014-10-31 10:27 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 21:48 - 2014-10-31 10:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 21:48 - 2014-10-31 10:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 21:48 - 2014-10-31 10:22 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 21:48 - 2014-10-31 10:21 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 21:48 - 2014-10-31 10:21 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 21:48 - 2014-10-31 10:10 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 21:48 - 2014-10-31 10:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 21:48 - 2014-10-31 09:59 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 21:48 - 2014-10-31 09:59 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 21:48 - 2014-10-31 09:58 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 21:48 - 2014-10-31 09:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 21:48 - 2014-10-31 09:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 21:48 - 2014-10-31 09:54 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 21:48 - 2014-10-31 09:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 21:48 - 2014-10-31 09:51 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 21:48 - 2014-10-31 09:49 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 21:48 - 2014-10-31 09:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 21:48 - 2014-10-31 09:36 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 21:48 - 2014-10-31 09:35 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 21:48 - 2014-10-31 09:33 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 21:48 - 2014-10-31 09:12 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 21:48 - 2014-10-31 08:58 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 21:48 - 2014-10-31 08:58 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 21:48 - 2014-10-31 08:57 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 21:48 - 2014-10-31 08:56 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 21:48 - 2014-10-31 08:55 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 21:48 - 2014-10-31 08:54 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 21:48 - 2014-10-31 08:54 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 21:48 - 2014-10-31 08:53 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 21:48 - 2014-10-31 08:53 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 21:48 - 2014-10-31 08:52 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 21:48 - 2014-10-31 08:50 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 21:48 - 2014-10-31 08:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 21:48 - 2014-10-31 08:45 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 21:48 - 2014-10-31 08:44 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 21:48 - 2014-10-31 08:43 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 21:48 - 2014-10-31 08:42 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 21:48 - 2014-10-31 08:33 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 21:48 - 2014-10-31 08:32 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 21:48 - 2014-10-31 08:27 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 21:48 - 2014-10-31 08:26 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 21:48 - 2014-10-31 08:26 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 21:48 - 2014-10-31 08:26 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 21:48 - 2014-10-31 08:23 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 21:48 - 2014-10-31 08:23 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 21:48 - 2014-10-31 08:22 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 21:48 - 2014-10-31 08:21 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 21:48 - 2014-10-31 08:20 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 21:48 - 2014-10-31 08:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 21:48 - 2014-10-31 08:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 21:48 - 2014-10-31 08:10 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 21:48 - 2014-10-31 07:56 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 21:48 - 2014-10-31 07:54 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 21:48 - 2014-10-18 15:25 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 21:48 - 2014-10-18 13:39 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 21:48 - 2014-10-18 13:39 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 21:48 - 2014-10-18 12:55 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-12 21:48 - 2014-10-18 12:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 21:48 - 2014-10-18 12:08 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 21:48 - 2014-10-18 11:57 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 21:48 - 2014-10-18 11:56 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 21:48 - 2014-10-18 11:53 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 21:48 - 2014-10-18 11:53 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 21:48 - 2014-10-18 11:51 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 21:48 - 2014-10-18 11:50 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 21:48 - 2014-10-18 11:44 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-12 21:48 - 2014-10-18 11:44 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-12 21:48 - 2014-10-18 11:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-12 21:48 - 2014-10-18 11:41 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-12 21:47 - 2014-10-07 11:58 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 21:47 - 2014-10-07 11:57 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 21:47 - 2014-10-07 11:57 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 21:47 - 2014-10-07 11:57 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 21:47 - 2014-10-07 11:57 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 21:47 - 2014-10-07 09:04 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-12 21:47 - 2014-10-07 09:04 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-12 21:47 - 2014-10-07 09:03 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-12 21:47 - 2014-10-07 07:24 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 21:47 - 2014-10-07 07:16 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 21:47 - 2014-08-23 10:48 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 21:47 - 2014-08-23 10:33 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-12 21:44 - 2014-10-23 11:18 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 21:44 - 2014-10-23 10:35 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-12 21:44 - 2014-10-07 09:00 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 21:44 - 2014-09-10 11:55 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-12 21:44 - 2014-09-08 08:37 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-12 21:44 - 2014-09-05 04:00 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-12 21:44 - 2014-09-05 03:51 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-12 21:44 - 2014-09-04 08:35 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 21:44 - 2014-09-04 07:52 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-12 21:44 - 2014-09-04 06:31 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-12 21:44 - 2014-09-04 06:02 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-12 21:44 - 2014-08-31 05:45 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-12 21:44 - 2014-08-31 04:29 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-12 21:44 - 2014-08-31 02:34 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 21:44 - 2014-08-31 01:47 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-12 21:44 - 2014-08-28 08:25 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 21:44 - 2014-08-28 05:51 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 21:44 - 2014-08-28 05:36 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-12 21:44 - 2014-08-23 10:44 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-12 21:44 - 2014-08-23 10:34 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-12 21:44 - 2014-08-23 10:20 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 21:43 - 2014-09-08 08:37 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-12 21:43 - 2014-09-08 03:38 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-12 21:43 - 2014-08-31 05:47 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-12 21:43 - 2014-08-31 03:35 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 21:43 - 2014-08-31 03:28 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-12 21:43 - 2014-08-31 02:23 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-12 21:43 - 2014-08-02 06:21 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-12 21:43 - 2014-08-02 06:05 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-12 21:36 - 2014-11-05 05:08 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-12 21:36 - 2014-11-04 05:40 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-12 21:36 - 2014-10-31 10:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-12 21:36 - 2014-10-31 10:19 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-12 21:36 - 2014-10-31 09:54 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-12 21:36 - 2014-10-17 12:31 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 21:36 - 2014-10-17 12:28 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-10 19:55 - 2014-12-04 06:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 19:29 - 2014-12-03 23:17 - 00000000 ____D () C:\AdwCleaner
2014-11-10 17:28 - 2014-11-10 17:28 - 00002627 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-10 21:52 - 2013-09-21 13:51 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Roaming\vlc
2014-12-10 21:48 - 2014-03-18 15:23 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-10 21:44 - 2014-08-10 19:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-10 21:33 - 2012-07-26 13:29 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-10 21:30 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-10 21:23 - 2013-09-14 17:44 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3785010019-2192401253-1565588363-1002
2014-12-10 21:18 - 2013-10-03 21:25 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 21:15 - 2013-09-14 20:57 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Roaming\uTorrent
2014-12-10 20:18 - 2013-10-03 21:25 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-10 18:10 - 2014-04-26 08:14 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{903D8010-C505-4B7F-BAA5-64E942DFA2BC}
2014-12-10 18:08 - 2014-05-06 12:42 - 00000568 _____ () C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job
2014-12-10 18:06 - 2013-09-25 21:28 - 00000000 __RDO () C:\Users\RADHAKRISHNA\OneDrive
2014-12-10 17:50 - 2014-03-26 10:40 - 00000375 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-12-10 17:50 - 2013-08-22 20:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-10 17:50 - 2013-02-20 15:44 - 00003620 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2014-12-10 17:50 - 2012-09-26 23:23 - 00000950 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2014-12-10 17:47 - 2014-11-06 14:02 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2014-12-10 17:47 - 2013-09-14 19:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-10 17:46 - 2013-09-14 19:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 17:41 - 2013-09-19 21:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 17:32 - 2013-09-19 21:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-08 10:20 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-06 22:36 - 2014-04-20 21:36 - 00003196 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRADHAKRISHNA
2014-12-06 22:36 - 2014-04-20 21:36 - 00000368 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRADHAKRISHNA.job
2014-12-05 22:24 - 2014-03-24 20:43 - 00000000 ____D () C:\BIG STUDIES
2014-12-05 21:19 - 2013-08-22 21:06 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-05 21:19 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-05 10:20 - 2014-09-29 10:30 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2014-12-05 10:19 - 2014-09-29 10:28 - 00000000 ____D () C:\ProgramData\National Instruments
2014-12-04 12:08 - 2013-09-14 17:32 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Roaming\Hewlett-Packard
2014-12-04 06:20 - 2014-04-12 23:22 - 00000000 ____D () C:\Users\RADHAKRISHNA
2014-12-04 06:16 - 2014-11-05 23:01 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-04 06:15 - 2014-11-05 19:32 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Local\HHD Software
2014-12-04 06:15 - 2013-10-03 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-04 06:15 - 2013-09-14 17:37 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Local\Hewlett-Packard
2014-12-04 06:15 - 2012-10-21 02:52 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-04 06:15 - 2012-10-21 02:35 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-04 06:07 - 2013-09-14 17:31 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Local\Packages
2014-12-04 06:07 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\registration
2014-12-04 06:03 - 2013-09-14 19:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-04 06:03 - 2013-09-14 19:11 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Local\Google
2014-11-30 20:46 - 2013-10-13 20:38 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-11-30 20:46 - 2013-10-13 20:38 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-30 00:58 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-25 21:07 - 2013-09-14 17:36 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Roaming\Adobe
2014-11-23 19:52 - 2014-03-07 09:35 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Local\gtk-2.0
2014-11-23 19:52 - 2014-02-23 12:02 - 00000000 ____D () C:\Users\RADHAKRISHNA\.gimp-2.8
2014-11-21 19:30 - 2013-09-14 19:45 - 00000000 ___HD () C:\FILES
2014-11-21 13:36 - 2012-10-21 02:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-21 02:21 - 2014-05-15 13:19 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-21 02:21 - 2014-05-15 13:19 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-20 19:57 - 2012-10-21 02:39 - 00000000 ____D () C:\ProgramData\Temp
2014-11-15 23:58 - 2013-08-22 18:55 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-15 23:56 - 2014-07-29 22:23 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-15 23:56 - 2013-08-22 21:06 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-15 23:56 - 2013-08-22 21:06 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-15 23:56 - 2013-08-22 21:06 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-15 23:56 - 2013-08-22 21:06 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-15 20:13 - 2013-10-03 21:25 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 20:13 - 2013-10-03 21:25 - 00003650 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 17:25 - 2013-08-22 20:14 - 00504344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-13 16:05 - 2013-08-22 21:06 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-13 16:05 - 2013-08-22 21:06 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-13 15:58 - 2012-07-26 10:56 - 00000167 _____ () C:\WINDOWS\win.ini
2014-11-11 22:25 - 2013-09-19 18:23 - 00000000 ____D () C:\Users\RADHAKRISHNA\Documents\MATLAB
2014-11-11 21:49 - 2014-02-04 20:45 - 00000000 ____D () C:\Users\RADHAKRISHNA\AppData\Roaming\PowerISO
2014-11-11 21:46 - 2014-11-09 21:41 - 00000000 ____D () C:\ProgramData\itIDmUBZ
2014-11-11 11:49 - 2014-04-13 12:35 - 00000000 ___DC () C:\WINDOWS\Panther
2014-11-10 19:29 - 2014-11-09 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-11-10 17:28 - 2014-11-09 20:51 - 00000000 ____D () C:\ProgramData\Symantec
2014-11-10 17:28 - 2014-11-09 20:51 - 00000000 ____D () C:\Program Files (x86)\Norton Ghost
2014-11-10 17:27 - 2014-11-09 20:51 - 00000000 ____D () C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-10 18:01
 
==================== End Of Log ============================

Attached Files



#4 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 December 2014 - 02:32 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

SearchScopes: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA39F2378-39AC-40C2-8EA0-7536C3407277&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA39F2378-39AC-40C2-8EA0-7536C3407277&q={searchTerms}&SSPV=
Toolbar: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin HKU\S-1-5-21-3785010019-2192401253-1565588363-1002: ubisoft.com/uplaypc -> C:\FILES\games\Assassins Creed III\UplayMedia\npuplaypc.dll No File
CHR Extension: (Google Wallet) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]
U4 BthAvrcpTg; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:AF4CCAAD
AlternateDataStreams: C:\Users\Public\DRM:احتضان

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===


Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
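A helper working a thread like this reads the FRST listing line by line, looking for entries such as the random-named C:\ProgramData\itIDmUBZ directory or a binary in system32 that reports no publisher. As an added example (not FRST's code and not part of nasdaq's post), here is a small Python triage script for the FRST listing format. Its sample input copies seven lines from the log posted above and adds two constructed entries (example_unsigned.dll, setup_x.exe) that do not exist on this machine; the three rules, the reading of the attribute column, and the case-switch threshold are my assumptions, and the flags are review prompts for an analyst, not malware verdicts.

```python
# Added example (not FRST's code and not from the forum post): a small triage
# helper for FRST "One Month Created/Modified Files and Folders" listings.
# Each listing line has the shape
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# The flag rules are analyst review prompts, not malware verdicts.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str      # FRST attribute column, e.g. "____D" or "___SH"
    company: str    # publisher as FRST prints it; "" when the column is "()"
    path: str

    @property
    def is_dir(self) -> bool:
        # Assumption: "D" in the attribute column marks a directory (as in "____D").
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; headers, notes and blank lines yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"].strip(), m["path"])


def parse_listing(text: str) -> List[Entry]:
    """Parse a whole log; lines that are not listing entries are skipped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def case_transitions(name: str) -> int:
    """Count upper/lower case switches between adjacent letters.
    Generated names such as itIDmUBZ switch often; product names rarely do."""
    letters = [c for c in name if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def flag_entry(e: Entry) -> Optional[str]:
    """Return a review reason for an entry, or None if no rule matches."""
    low = e.path.lower()
    parent, _, name = e.path.rpartition("\\")
    # Rule 1: executable code in a system directory with no publisher name.
    if (not e.is_dir and low.startswith(SYSTEM_DIRS)
            and low.endswith(BINARY_EXT) and not e.company):
        return "binary in system directory with no publisher"
    # Rule 2: directory directly under C:\ProgramData with a random-looking name
    # (single alphanumeric token, 6-12 chars, at least 3 case switches; the
    # threshold is my assumption, tune it on real logs).
    if (e.is_dir and parent.lower() == "c:\\programdata"
            and re.fullmatch(r"[A-Za-z0-9]{6,12}", name)
            and case_transitions(name) >= 3):
        return "random-looking directory name under ProgramData"
    # Rule 3: executable written into a user's Temp or Downloads folder.
    if (not e.is_dir and low.endswith(BINARY_EXT)
            and ("\\appdata\\local\\temp\\" in low or "\\downloads\\" in low)):
        return "executable in a user Temp/Downloads folder"
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """(path, reason) for every flagged entry, in listing order."""
    out = []
    for e in parse_listing(text):
        reason = flag_entry(e)
        if reason:
            out.append((e.path, reason))
    return out


# Sample input: the first seven lines are copied from the FRST log posted in this
# thread; the last two (example_unsigned.dll, setup_x.exe) are constructed.
SAMPLE_LISTING = r"""
==================== One Month Created Files and Folders ========
2014-11-12 21:59 - 2014-10-08 13:07 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 21:43 - 2014-09-08 03:38 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-11 21:46 - 2014-11-09 21:41 - 00000000 ____D () C:\ProgramData\itIDmUBZ
2014-11-10 17:28 - 2014-11-09 20:51 - 00000000 ____D () C:\ProgramData\Symantec
2014-11-10 17:27 - 2014-11-09 20:51 - 00000000 ____D () C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2014-11-16 17:50 - 2014-11-16 17:50 - 00361984 _____ () C:\Users\RADHAKRISHNA\Downloads\Basics of wave propagation (1).ppt
2014-12-10 17:32 - 2013-09-19 21:55 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-01 09:00 - 2014-12-01 09:00 - 00045056 _____ () C:\WINDOWS\SysWOW64\example_unsigned.dll
2014-12-02 10:00 - 2014-12-02 10:00 - 00102400 _____ () C:\Users\RADHAKRISHNA\AppData\Local\Temp\setup_x.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LISTING):
        print(f"{reason:50} {path}")
```

On the sample above the script flags three entries: the itIDmUBZ directory, the constructed unsigned DLL in SysWOW64, and the constructed executable in Temp; the Microsoft-signed files, the XML, the GUID-named folder and the downloaded .ppt pass through. A whole FRST.txt can be fed to triage() as-is, since lines that are not listing entries are ignored by the parser. A flag only means "look here first"; a publisher column that is empty is a prompt to check the file's signature and hash, not proof of anything.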

#5 BRK1

  • Topic Starter
  • Members
  • 29 posts

Posted 11 December 2014 - 01:14 AM

FixLog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2014 01
Ran by RADHAKRISHNA at 2014-12-11 11:22:29 Run:1
Running from C:\Users\RADHAKRISHNA\Desktop
Loaded Profile: RADHAKRISHNA (Available profiles: RADHAKRISHNA)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
SearchScopes: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA39F2378-39AC-40C2-8EA0-7536C3407277&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA39F2378-39AC-40C2-8EA0-7536C3407277&q={searchTerms}&SSPV=
Toolbar: HKU\S-1-5-21-3785010019-2192401253-1565588363-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin HKU\S-1-5-21-3785010019-2192401253-1565588363-1002: ubisoft.com/uplaypc -> C:\FILES\games\Assassins Creed III\UplayMedia\npuplaypc.dll No File
CHR Extension: (Google Wallet) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (No Name) - C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]
U4 BthAvrcpTg; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:AF4CCAAD
AlternateDataStreams: C:\Users\Public\DRM:احتضان
 
End
*****************
 
Processes closed successfully.
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => Key deleted successfully.
"HKU\S-1-5-21-3785010019-2192401253-1565588363-1002\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\FILES\games\Assassins Creed III\UplayMedia\npuplaypc.dll not found.
C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Users\RADHAKRISHNA\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
NIApplicationWebServer64 => Service deleted successfully.
BthAvrcpTg => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
C:\ProgramData\Temp => ":AF4CCAAD" ADS removed successfully.
C:\Users\Public\DRM => ":احتضان" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
checkup.txt:
 

 Results of screen317's Security Check version 0.99.92  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader XI  
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 
I think it's no longer coming now.
I couldn't find any text enhancing, and neither are the popups coming up when I right click.
Thank you for all the help.
What exactly was this virus/malware, and could you help me get rid of the same thing from my PC and my mobile too?
 

Edited by BRK1, 11 December 2014 - 07:45 AM.
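The three kinds of artifact the fixlist above removed (a hijacked Internet Explorer search scope, alternate data streams on two folders, and service entries with a missing ImagePath or binary) can be re-checked read-only before and after a fix. The PowerShell below is an added example, not code from the thread, FRST or Security Check; the SID and the two folder paths are taken from the Fixlog above and are assumptions for any other machine.

```powershell
# Added example, not from the thread or from FRST: a read-only audit of the
# three artifact classes the fixlist above removed. Run in an elevated
# PowerShell on the affected machine. $Sid is an assumption; take the HKU
# SID from your own FRST log.
$Sid = 'S-1-5-21-3785010019-2192401253-1565588363-1002'

# 1. IE search scopes: flag any provider whose URL is not an expected engine
#    (conduit.com was the hijacked default in this thread).
$scopes = "Registry::HKEY_USERS\$Sid\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
if (Test-Path $scopes) {
    Get-ChildItem $scopes | ForEach-Object {
        $url = (Get-ItemProperty $_.PSPath).URL
        if ($url -and $url -notmatch '^https?://(www\.)?(bing|google)\.com/') {
            "[SearchScope] $($_.PSChildName) -> $url"
        }
    }
}

# 2. Alternate data streams on the two paths named in the fix. Every NTFS
#    item has a ':$DATA' stream; anything else is an ADS and worth a look.
foreach ($p in 'C:\ProgramData\Temp', 'C:\Users\Public\DRM') {
    if (Test-Path -LiteralPath $p) {
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { "[ADS] $($_.FileName):$($_.Stream) ($($_.Length) bytes)" }
    }
}

# 3. Services and drivers with no ImagePath, or whose binary no longer exists
#    (FRST reports these as "No ImagePath" and "[X]" respectively).
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $img = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if (-not $img) { "[Service] $($_.PSChildName): no ImagePath"; return }
    # Normalise the forms seen in the log: "quoted path" args, \??\C:\..., and
    # paths relative to the Windows directory such as system32\drivers\x.sys.
    $exe = if ($img -match '^"([^"]+)"') { $Matches[1] } else { ($img -split ' -')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $exe = $exe -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($exe -notmatch '^[A-Za-z]:\\') { $exe = Join-Path $env:SystemRoot $exe }
    if (-not (Test-Path -LiteralPath $exe)) {
        "[Service] $($_.PSChildName): $img (binary missing)"
    }
}
```

Each line it prints corresponds to one line you would otherwise copy from an FRST log into a fixlist; an empty result after the fix and reboot is the expected outcome.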


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:21 PM

Posted 11 December 2014 - 08:51 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

As for your other PC you need to create a new topic.
We do not service two different computers in the same topic.

When created, run the Farbar tool and AdwCleaner.
Post these logs.

Post the URL here on your next reply and I will expedite the matter.

===

For your phone, create a new topic in the Cell Phone forum.
http://www.bleepingcomputer.com/forums/f/175/cell-phones/

This is not my forte.

#7 BRK1

BRK1
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:06:51 AM

Posted 13 December 2014 - 12:16 AM

Hey, I posted them. Sorry for taking some time, but I didn't have direct access to the PC.

Link to the same: http://www.bleepingcomputer.com/forums/t/559674/russian-pop-upredirect-virus-on-pc/?p=3566531

I had to post it as many replies, as it kept saying the post was too long.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:21 PM

Posted 19 December 2014 - 09:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.