
Virus, Malware - Internet website redirects



#1 tbs979


Posted 06 January 2015 - 06:33 PM

Hi,
 
I think my system is totally corrupted with virus, malware and it keeps on doing multiple website redirects all the time.

Could any one of the gurus help me to resolve the problem?

Attaching the FRST and Addition files providing additional details.
 
 
Thanks
TBS

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2015
Ran by Bhavani at 2015-01-02 15:37:25
Running from C:\Users\Bhavani\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKLM-x32\...\BrowserSafeguard) (Version: - BrowserSafeguard with RocketTab) <==== ATTENTION
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
ConVertsPDF (HKLM-x32\...\{734E01CA-17DF-C45B-9082-D4D09732D089}) (Version: - ConveritsPDF)
DNE Update (HKLM\...\{FA46416D-1FCB-44A5-B01C-961C29881F1B}) (Version: 4.16.2.18640 - Deterministic Networks, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Information (HKLM-x32\...\Information) (Version: 1.34.3.28 - VisualBee)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java™ 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217000FF}) (Version: 7.0.0 - Oracle)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10230 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1101859846-3917019447-4037826427-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML4.0 redistributable (HKLM-x32\...\{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}) (Version: 4.0.0.0 - SAP)
Norton Zone (HKLM-x32\...\NZ) (Version: 1.2.0.4 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PC Fix Speed 1.2.0.52 (HKLM-x32\...\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1) (Version: 1.2.0.52 - Crawler, LLC) <==== ATTENTION
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.229 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Reliance Netconnect+ (HKLM-x32\...\Reliance Netconnect+) (Version: 21.005.11.04.114 - Huawei Technologies Co.,Ltd)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.30 - SAP AG)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 1 - SAP)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
SkypeTalking 0.9.6 (HKLM-x32\...\SkypeTalking_is1) (Version: 0.9.6 - Hrvoje Katić)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SuperManCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - SuperManCoupon) <==== ATTENTION
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-1101859846-3917019447-4037826427-1001\...\VisualBee for Microsoft PowerPoint) (Version: V4.1 - VisualBee.com)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1101859846-3917019447-4037826427-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bhavani\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1101859846-3917019447-4037826427-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bhavani\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1101859846-3917019447-4037826427-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bhavani\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1101859846-3917019447-4037826427-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bhavani\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

10-11-2014 09:01:23 Windows Update
06-12-2014 16:26:39 Checkpoint by HitmanPro
15-12-2014 16:30:22 Windows Update
02-01-2015 15:16:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FCC1F77-8C58-4F69-A3F8-505C79203525} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {2373A8F9-2DA5-48A7-B268-5A1DA9E4047B} - System32\Tasks\{BCE10769-5AEE-4B47-9BE2-5BB064D22133} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe" -d C:\WINDOWS\system32 -c PROGRESSAGENT
Task: {32DCC35E-9EF7-4F24-9431-54455B8C3560} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-02] (Microsoft Corporation)
Task: {3CAC611A-EFD4-4888-A80D-A490BCBD4BB0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {3E603E56-F8BB-43CA-A09B-DDF360D5174A} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files (x86)\Norton Zone\Engine\1.2.0.4\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {49403BF0-B834-4F13-AC11-E315C3701565} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {6F99AB26-E13C-4094-A013-58C0E607B1B5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {7D0B3BC9-D68F-4FE2-8629-0B16082C05F8} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {7F6801BD-34E1-48E9-A04C-929044A7FEE7} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files (x86)\Norton Zone\Engine\1.2.0.4\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {7F84389B-3B51-4073-BF08-6A01AF2D1E96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-13] (Google Inc.)
Task: {995DB57C-2649-49FC-AD77-8B98EA3963ED} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {A36EFF6C-1D23-4D24-88E3-D3BC5FD5FA02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-13] (Google Inc.)
Task: {F1EF6F21-5AD0-4998-9859-F3A5B66C5AC5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F356220F-A3DB-4C96-9E68-B525FDDC009B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {FAD07E8B-C591-4B08-A849-77322A1ED5BB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {FE06767B-285C-47CA-9455-F9ADA82FFE15} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-19 08:37 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-03-14 07:27 - 2011-03-14 07:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-12-16 11:18 - 2013-12-16 10:10 - 00218624 _____ () C:\ProgramData\Reliance Netconnect+\OnlineUpdate\ouc.exe
2013-08-26 14:31 - 2013-08-26 14:31 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-08-26 14:31 - 2013-08-26 14:31 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-12-06 15:55 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-04-25 22:25 - 2013-04-17 15:59 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-10 04:18 - 2013-10-10 04:18 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-12-16 10:11 - 2013-12-16 10:10 - 00011362 _____ () C:\ProgramData\Reliance Netconnect+\OnlineUpdate\mingwm10.dll
2013-12-16 10:11 - 2013-12-16 10:10 - 00043008 _____ () C:\ProgramData\Reliance Netconnect+\OnlineUpdate\libgcc_s_dw2-1.dll
2013-12-16 10:11 - 2013-12-16 10:10 - 02415104 _____ () C:\ProgramData\Reliance Netconnect+\OnlineUpdate\QtCore4.dll
2013-12-16 10:11 - 2013-12-16 10:10 - 01148416 _____ () C:\ProgramData\Reliance Netconnect+\OnlineUpdate\QtNetwork4.dll
2014-12-15 16:04 - 2014-01-07 20:57 - 38594376 ____R () C:\Program Files (x86)\Norton Zone\Engine\1.2.0.4\libcef.dll
2013-09-13 22:51 - 2013-09-13 22:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-13 22:50 - 2013-09-13 22:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-26 14:04 - 2012-07-18 05:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-04 23:16 - 2014-09-22 20:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-10-04 23:16 - 2014-09-22 20:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-10-04 23:16 - 2014-09-22 20:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-10-04 23:16 - 2014-09-22 20:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-10-04 23:16 - 2014-09-22 20:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-10-04 23:16 - 2014-09-22 20:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Bhavani\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1101859846-3917019447-4037826427-500 - Administrator - Disabled)
Bhavani (S-1-5-21-1101859846-3917019447-4037826427-1001 - Administrator - Enabled) => C:\Users\Bhavani
Guest (S-1-5-21-1101859846-3917019447-4037826427-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 03:10:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/02/2015 03:10:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/02/2015 01:49:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14782

Error: (01/02/2015 01:49:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14782

Error: (01/02/2015 01:49:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/02/2015 01:16:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/02/2015 01:16:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/15/2014 04:04:54 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpSendRequest call failed, Win32 ErrorCode=12029

Error: (12/15/2014 04:04:53 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpSendRequest call failed, Win32 ErrorCode=12029

Error: (12/15/2014 04:04:52 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpSendRequest call failed, Win32 ErrorCode=12029


System errors:
=============
Error: (01/02/2015 03:30:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB3008925).

Error: (01/02/2015 03:30:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 8.1 for x64-based Systems (KB2976978).

Error: (01/02/2015 03:30:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 8.1 for x64-based Systems (KB3008242).

Error: (01/02/2015 03:30:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 8.1 for x64-based Systems (KB3013126).

Error: (01/02/2015 03:30:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 8.1 for x64-based Systems (KB3013410).

Error: (01/02/2015 03:30:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Internet Explorer 11 for Windows 8.1 for x64-based Systems (KB3025390).

Error: (01/02/2015 03:30:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 8.1 for x64-based Systems (KB3012199).

Error: (01/02/2015 03:05:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.9 service failed to start due to the following error:
%%2

Error: (01/02/2015 03:05:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.5 service failed to start due to the following error:
%%2

Error: (01/02/2015 03:05:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Reliance Netconnect. OUC service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (01/02/2015 03:10:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (01/02/2015 03:10:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (01/02/2015 01:49:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14782

Error: (01/02/2015 01:49:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14782

Error: (01/02/2015 01:49:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/02/2015 01:16:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (01/02/2015 01:16:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (12/15/2014 04:04:54 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpSendRequest call failed, Win32 ErrorCode=12029

Error: (12/15/2014 04:04:53 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpSendRequest call failed, Win32 ErrorCode=12029

Error: (12/15/2014 04:04:52 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpSendRequest call failed, Win32 ErrorCode=12029


CodeIntegrity Errors:
===================================
Date: 2014-11-06 19:39:08.683
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-11-06 19:39:08.574
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-10-23 21:41:01.093
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-10-23 21:41:00.796
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-10-10 21:28:09.702
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-10 21:28:09.608
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-10 21:26:56.142
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-10-10 21:26:56.063
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-10-08 08:32:01.323
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-08 08:32:01.229
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 33%
Total physical RAM: 8057.77 MB
Available physical RAM: 5345.29 MB
Total Pagefile: 16761.77 MB
Available Pagefile: 14146.7 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.82 GB) (Free:817.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:19.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 30CFC5CB)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
Ran by Bhavani (administrator) on IDEA-PC on 02-01-2015 15:35:44
Running from C:\Users\Bhavani\Desktop
Loaded Profile: Bhavani (Available profiles: Bhavani)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\1.2.0.4\nz.exe
() C:\ProgramData\Reliance Netconnect+\OnlineUpdate\ouc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\1.2.0.4\nz.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.19-delta.exe
(Microsoft Corporation) C:\ae7e9157bfef353b557d2c4cad10e1\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-23] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-04] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-26] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252136 2011-05-04] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-13] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1101859846-3917019447-4037826427-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1101859846-3917019447-4037826427-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1101859846-3917019447-4037826427-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs: C:\Users\Bhavani\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\Bhavani\AppData\Local\Linkey\IEEXTE~1\iedll64.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1NZOverlayExcluded] -> {32427327-aea5-4bef-811a-b1bd00daf4b4} => C:\Program Files (x86)\Norton Zone\Engine64\1.2.0.4\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [1NZOverlayPending] -> {2cfec48b-08ec-4361-8575-7c0da17ab7a5} => C:\Program Files (x86)\Norton Zone\Engine64\1.2.0.4\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [1NZOverlaySynced] -> {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} => C:\Program Files (x86)\Norton Zone\Engine64\1.2.0.4\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1101859846-3917019447-4037826427-1001] => http=127.0.0.1:52592;https=127.0.0.1:52592
HKU\S-1-5-21-1101859846-3917019447-4037826427-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1101859846-3917019447-4037826427-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\S-1-5-21-1101859846-3917019447-4037826427-1001 -> {C8C8FE60-4902-477C-AC3D-60A195E4C0FD} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SaLesMagnnEt -> {AC712449-4095-83BB-4707-E94109FC944D} -> C:\ProgramData\SaLesMagnnEt\avmsTf.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: websaver -> {CF54A07D-B741-2363-16C8-23A84AE10170} -> C:\ProgramData\websaver\0uJqPFAX.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: RooyaloCoiupon -> {DE571005-CAE8-5AB1-72D1-1BF469A63919} -> C:\ProgramData\RooyaloCoiupon\vQzbtudlEt.x64.dll No File
BHO: ROyaalCOuponu -> {FD55DA5D-C781-F3CB-2AB8-FEC7065293FB} -> C:\ProgramData\ROyaalCOuponu\QwBb56.x64.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SaLesMagnnEt -> {AC712449-4095-83BB-4707-E94109FC944D} -> C:\ProgramData\SaLesMagnnEt\avmsTf.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RooyaloCoiupon -> {DE571005-CAE8-5AB1-72D1-1BF469A63919} -> C:\ProgramData\RooyaloCoiupon\vQzbtudlEt.dll No File
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.92.65

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Bhavani\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bhavani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Bhavani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Bhavani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Bhavani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Skype Click to Call) - C:\Users\Bhavani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-06]
CHR Extension: (Gmail) - C:\Users\Bhavani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-13] (Windows ® Win 7 DDK provider)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NZ; C:\Program Files (x86)\Norton Zone\Engine\1.2.0.4\NZ.exe [522592 2014-01-14] (Symantec Corporation)
S2 Reliance Netconnect. RunOuc; C:\Program Files (x86)\Reliance Netconnect+\UpdateDog\ouc.exe [218624 2013-12-16] () [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-08-26] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-13] (Atheros) [File not signed]
S2 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-13] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NZ; C:\Windows\system32\drivers\NZx64\0102000.004\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [133456 2013-10-03] (Citrix Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-04-23] (Realtek Semiconductor Corp.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 15:35 - 2015-01-02 15:35 - 00022735 _____ () C:\Users\Bhavani\Desktop\FRST.txt
2015-01-02 15:35 - 2015-01-02 15:35 - 00000000 ____D () C:\FRST
2015-01-02 15:34 - 2015-01-02 15:34 - 02123264 _____ (Farbar) C:\Users\Bhavani\Desktop\FRST64.exe
2015-01-02 15:31 - 2015-01-02 15:31 - 00729608 _____ () C:\Users\Bhavani\Downloads\Setup.exe
2015-01-02 15:30 - 2015-01-02 15:30 - 00000000 ____D () C:\ae7e9157bfef353b557d2c4cad10e1
2015-01-02 13:45 - 2015-01-02 13:45 - 00688992 _____ (Swearware) C:\Users\Bhavani\Desktop\dds.com
2015-01-02 13:08 - 2015-01-02 13:09 - 00852544 _____ () C:\WINDOWS\Minidump\010215-149109-01.dmp
2014-12-15 16:03 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-15 16:03 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-15 16:03 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-15 16:03 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-15 16:03 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-15 16:03 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-15 16:03 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-15 16:03 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-15 16:03 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-15 16:03 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-15 16:03 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-15 16:03 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-15 16:03 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-15 16:03 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-15 16:03 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-15 16:03 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-15 16:03 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-15 16:03 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-15 16:03 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-15 16:03 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-15 16:03 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-15 16:03 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-15 16:03 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-15 16:03 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-15 16:03 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-15 16:03 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-15 16:03 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-15 16:03 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-15 16:03 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-15 16:03 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-15 16:03 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-15 16:03 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-15 16:03 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-15 16:03 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-15 16:03 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-15 16:03 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-15 16:03 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-15 16:03 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-15 16:03 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-15 15:49 - 2014-12-15 15:49 - 00000000 ____D () C:\ProgramData\Energy Management
2014-12-15 15:43 - 2014-12-15 15:43 - 00717672 _____ () C:\WINDOWS\Minidump\121514-45375-01.dmp
2014-12-06 16:53 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-12-06 16:53 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-12-06 16:53 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-12-06 16:53 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-12-06 16:50 - 2014-12-06 16:50 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-06 16:42 - 2014-12-15 19:34 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 16:42 - 2014-12-06 16:46 - 00001089 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-06 16:42 - 2014-12-06 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-06 16:42 - 2014-12-06 16:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-06 16:42 - 2014-12-06 16:42 - 02153472 _____ () C:\Users\Bhavani\Downloads\AdwCleaner.exe
2014-12-06 16:42 - 2014-12-06 16:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 16:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-06 16:42 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-06 16:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-06 16:40 - 2014-12-06 16:40 - 19828904 _____ (Malwarebytes Corporation ) C:\Users\Bhavani\Downloads\mbam-setup.exe
2014-12-06 16:28 - 2014-12-06 16:28 - 00036400 _____ () C:\WINDOWS\system32\.crusader
2014-12-06 16:15 - 2014-12-06 16:58 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 16:11 - 2014-12-06 16:11 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Bhavani\Downloads\tdsskiller.exe
2014-12-06 16:10 - 2014-12-06 16:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-06 16:09 - 2014-12-06 16:10 - 11222744 _____ (SurfRight B.V.) C:\Users\Bhavani\Downloads\HitmanPro_x64.exe
2014-12-06 16:04 - 2014-12-06 16:04 - 00000000 __SHD () C:\Users\Bhavani\AppData\Local\EmieBrowserModeList
2014-12-06 15:59 - 2015-01-02 13:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Zone
2014-12-06 15:57 - 2015-01-02 13:09 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NZx64
2014-12-06 15:57 - 2015-01-02 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Zone
2014-12-06 15:57 - 2014-12-06 15:58 - 00000000 ____D () C:\ProgramData\Norton
2014-12-06 15:57 - 2014-12-06 15:57 - 00000000 ____D () C:\Program Files (x86)\Norton Zone
2014-12-06 15:43 - 2014-10-29 16:55 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-06 15:43 - 2014-10-29 16:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 15:34 - 2014-02-03 20:44 - 01236884 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-02 15:32 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-02 15:30 - 2013-11-05 15:21 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-02 15:30 - 2013-11-05 15:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-02 15:24 - 2014-02-03 23:24 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{32438DAE-B911-4AD6-AE39-6345BF0C9FC2}
2015-01-02 15:16 - 2013-11-03 12:37 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1101859846-3917019447-4037826427-1001
2015-01-02 15:12 - 2014-05-13 12:07 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 15:12 - 2014-05-13 12:07 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 15:10 - 2013-11-13 23:28 - 00005598 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-02 15:10 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-02 15:08 - 2014-10-04 23:16 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-02 15:07 - 2014-02-03 21:57 - 00000000 __RDO () C:\Users\Bhavani\SkyDrive
2015-01-02 15:05 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-02 13:56 - 2013-11-13 23:20 - 00040500 _____ () C:\WINDOWS\PFRO.log
2015-01-02 13:55 - 2013-11-03 13:17 - 18771534 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-02 13:55 - 2013-08-26 14:31 - 00008704 _____ () C:\WINDOWS\system32\VfService.trf
2015-01-02 13:55 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-02 13:48 - 2014-02-03 20:28 - 00000000 ____D () C:\Users\Bhavani
2015-01-02 13:29 - 2014-02-07 06:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-01-02 13:23 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-02 13:07 - 2014-04-12 11:21 - 4154581377 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-02 13:07 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-15 19:34 - 2014-04-08 17:54 - 00000000 ____D () C:\Users\Bhavani\AppData\Roaming\Skype
2014-12-15 15:43 - 2014-04-12 11:22 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-06 17:01 - 2014-11-06 13:45 - 00000000 ____D () C:\AdwCleaner
2014-12-06 16:54 - 2013-08-26 14:33 - 00002141 _____ () C:\Users\Public\Desktop\OneKey Recovery.lnk
2014-12-06 16:28 - 2014-05-05 13:47 - 00000000 ____D () C:\ProgramData\ConVertsPDF
2014-12-06 15:55 - 2014-02-19 11:42 - 00000097 _____ () C:\Users\Bhavani\Desktop\pwd.txt
2014-12-06 15:42 - 2013-08-22 06:44 - 00486608 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

Some content of TEMP:
====================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 16:30

==================== End Of Log ============================

Edited by Machiavelli, 07 January 2015 - 04:41 PM.



#2 Machiavelli

  • Malware Response Instructor
Posted 07 January 2015 - 04:50 PM

Hey my friend, :)
 

CHR dev: Chrome dev build detected! <======= ATTENTION


That means that you have to reinstall Chrome. Please do so. ;)

Step 1: Uninstalls

We need to remove programs using "Programs and Features"

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

BrowserSafeguard with RocketTab
PC Fix Speed 1.2.0.52
SuperManCoupon


Additional instructions can be found here if needed.

Step 2: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\Users\Bhavani\SkyDrive:ms-properties
    HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    AppInit_DLLs: C:\Users\Bhavani\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\Bhavani\AppData\Local\Linkey\IEEXTE~1\iedll64.dll File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyServer: [S-1-5-21-1101859846-3917019447-4037826427-1001] => http=127.0.0.1:52592;https=127.0.0.1:52592
    SearchScopes: HKU\S-1-5-21-1101859846-3917019447-4037826427-1001 -> {C8C8FE60-4902-477C-AC3D-60A195E4C0FD} URL =
    BHO: SaLesMagnnEt -> {AC712449-4095-83BB-4707-E94109FC944D} -> C:\ProgramData\SaLesMagnnEt\avmsTf.x64.dll No File
    BHO: websaver -> {CF54A07D-B741-2363-16C8-23A84AE10170} -> C:\ProgramData\websaver\0uJqPFAX.x64.dll No File
    BHO: RooyaloCoiupon -> {DE571005-CAE8-5AB1-72D1-1BF469A63919} -> C:\ProgramData\RooyaloCoiupon\vQzbtudlEt.x64.dll No File
    BHO: ROyaalCOuponu -> {FD55DA5D-C781-F3CB-2AB8-FEC7065293FB} -> C:\ProgramData\ROyaalCOuponu\QwBb56.x64.dll No File
    BHO-x32: SaLesMagnnEt -> {AC712449-4095-83BB-4707-E94109FC944D} -> C:\ProgramData\SaLesMagnnEt\avmsTf.dll No File
    BHO-x32: RooyaloCoiupon -> {DE571005-CAE8-5AB1-72D1-1BF469A63919} -> C:\ProgramData\RooyaloCoiupon\vQzbtudlEt.dll No File
    Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll No File
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll No File
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll No File
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
    S2 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X]
    S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

Step 3: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\

Step 4: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5: Malwarebytes

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double-click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number.)
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below.) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.

Step 6: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
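
An added example, not part of the post above and not FRST's own code: a short Python triage of fixlist lines like those in Step 2, grouping them by mechanism and flagging entries whose target file is reported missing and proxy settings that point at the local machine. The category names, the reading of `[X]` as "file missing", and the `R` service prefix are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied unchanged from the fixlist in Step 2 above (a subset).
SAMPLE_FIXLIST = r"""
AlternateDataStreams: C:\Windows:nlsPreferences
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
ProxyServer: [S-1-5-21-1101859846-3917019447-4037826427-1001] => http=127.0.0.1:52592;https=127.0.0.1:52592
BHO: websaver -> {CF54A07D-B741-2363-16C8-23A84AE10170} -> C:\ProgramData\websaver\0uJqPFAX.x64.dll No File
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
EmptyTemp:
"""

# Prefix -> category. Category names are this example's own labels, not FRST's.
PREFIXES = [
    ("AlternateDataStreams:", "alternate data stream"),
    ("AppInit_DLLs:", "AppInit_DLLs injection"),
    ("Startup:", "autostart"),
    ("ShortcutTarget:", "autostart"),
    ("ProxyServer:", "proxy setting"),
    ("SearchScopes:", "browser hook"),
    ("BHO", "browser hook"),          # covers "BHO:" and "BHO-x32:"
    ("Toolbar:", "browser hook"),
    ("Handler:", "browser hook"),
    ("FF Plugin", "browser hook"),
    ("CHR ", "browser hook"),
    ("EmptyTemp:", "cleanup directive"),
]
RUN_KEY = re.compile(r"^HK\S*\\Run: ")
# The page shows service lines starting "S2 "; accepting "R" as well is an assumption.
SERVICE = re.compile(r"^[RS]\d ")
# "[X]" is assumed to mean the file was not found, like the two spelled-out markers.
MISSING_MARKERS = ("No File", "File Not Found", "[X]")
PROXY_ENTRY = re.compile(r"(\w+)=([\d.]+):(\d+)")


def classify(line):
    """Map one fixlist line to a persistence/cleanup category."""
    if RUN_KEY.match(line):
        return "autostart"
    if SERVICE.match(line):
        return "service"
    for prefix, category in PREFIXES:
        if line.startswith(prefix):
            return category
    return "unclassified"


def is_missing_target(line):
    """True when the entry is a leftover: its target file is reported missing."""
    return line.rstrip().endswith(MISSING_MARKERS)


def loopback_proxies(line):
    """Return (scheme, port) pairs of a ProxyServer entry that point at 127.x.x.x."""
    if not line.startswith("ProxyServer:"):
        return []
    return [(s, int(p)) for s, h, p in PROXY_ENTRY.findall(line) if h.startswith("127.")]


def triage(fixlist_text):
    lines = [l.strip() for l in fixlist_text.splitlines() if l.strip()]
    return {
        "by_category": Counter(classify(l) for l in lines),
        "missing_target": [l for l in lines if is_missing_target(l)],
        "loopback_proxies": [p for l in lines for p in loopback_proxies(l)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FIXLIST).items():
        print(key, "->", value)
```

A browser proxy set to a loopback address means a local process sits between the browser and the network, which is why that line is worth singling out when the symptom is redirects.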



#3 Machiavelli

Posted 11 January 2015 - 08:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
