
how to remove viruses left after using combofix.exe


  • This topic is locked
5 replies to this topic

#1 shubham hingonia

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:46 PM

Posted 25 January 2015 - 07:48 AM

ComboFix 15-01-22.02 - ritvik 01/25/2015  17:17:57.1.1 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.2046.1235 [GMT 5.5:30]
Running from: c:\users\ritvik\Downloads\ComboFix.exe
AV: AVG AntiVirus 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Quick Heal Total Security 2013 *Disabled/Outdated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
SP: AVG AntiVirus 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Quick Heal Total Security 2013 *Disabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ricky\Documents\~ytB53.tmp
c:\users\ritvik\Documents\~ytB9CD.tmp
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Service_NEWDRIVER
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-25 to 2015-01-25  )))))))))))))))))))))))))))))))
.
.
2015-01-25 11:56 . 2015-01-25 11:56 -------- d--h--w- c:\users\ritvik\ScStore
2015-01-25 11:54 . 2015-01-25 11:59 -------- d-----w- c:\users\ritvik\AppData\Local\temp
2015-01-25 11:54 . 2015-01-25 11:54 -------- d-----w- c:\users\ricky\AppData\Local\temp
2015-01-25 11:54 . 2015-01-25 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-25 09:43 . 2015-01-25 09:43 -------- d--h--w- c:\users\ricky\ScStore
2015-01-23 06:50 . 2015-01-23 06:50 -------- d-----w- c:\users\ricky\AppData\Roaming\AVG2015
2015-01-23 06:49 . 2015-01-23 06:49 -------- d-----w- c:\users\ricky\AppData\Local\Avg2015
2015-01-22 12:31 . 2015-01-22 12:31 -------- d-----w- c:\users\ritvik\AppData\Roaming\AVG2015
2015-01-22 12:29 . 2015-01-22 12:31 -------- d-----w- c:\programdata\AVG2015
2015-01-22 12:29 . 2015-01-22 12:29 -------- d-----w- c:\program files\AVG
2015-01-22 12:18 . 2015-01-22 13:03 -------- d-----w- c:\users\ritvik\AppData\Local\Avg2015
2015-01-21 14:11 . 2015-01-21 14:11 -------- d-----w- c:\users\ricky\.android
2015-01-18 14:47 . 2015-01-18 14:47 -------- d-----w- c:\users\ritvik\AppData\Local\Razer
2015-01-18 14:36 . 2015-01-18 14:36 -------- d-----w- c:\programdata\Razer
2015-01-18 14:36 . 2015-01-18 14:36 -------- d-----w- c:\program files\Razer
2015-01-12 15:06 . 2015-01-19 15:13 -------- d-----w- c:\programdata\NCH Software
2015-01-12 15:05 . 2015-01-19 15:13 -------- d-----w- c:\users\ricky\AppData\Roaming\NCH Software
2015-01-11 07:47 . 2015-01-11 07:47 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2015-01-07 07:46 . 2015-01-07 07:46 -------- d-----w- c:\program files\NewSoftware's
2015-01-07 07:42 . 2015-01-07 07:42 -------- d-----w- c:\program files\Settings Manager
2015-01-07 07:42 . 2015-01-07 07:42 -------- d-----w- c:\programdata\smdmf
2014-12-27 09:07 . 2014-12-27 09:07 -------- d-----w- c:\programdata\BlueStacks
2014-12-27 09:07 . 2014-12-27 09:07 -------- d-----w- c:\program files\BlueStacks
2014-12-27 09:05 . 2014-12-27 09:05 -------- d-----w- c:\users\ritvik\AppData\Local\Bluestacks
2014-12-27 09:00 . 2015-01-25 10:42 -------- d-----w- c:\users\ricky\AppData\Roaming\vlc
2014-12-27 08:25 . 2014-12-27 08:25 -------- d-----w- c:\users\ricky\AppData\Roaming\AVG2014
2014-12-27 08:25 . 2014-12-27 09:06 -------- d-----w- c:\users\ricky\AppData\Local\Adobe
2014-12-27 08:25 . 2015-01-08 07:26 -------- d-----w- c:\users\ricky\AppData\Local\Avg2014
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-23 08:13 . 2014-12-23 08:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50CE6A83-198D-405F-9B7E-A0D8A99010E5}\offreg.dll
2014-12-08 15:55 . 2014-12-08 15:55 208152 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-11-18 16:11 . 2014-11-18 16:11 154904 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-28 12:11 . 2014-06-28 12:02 4188160 ----a-w- c:\program files\GUT7455.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2013-06-20 687336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Quick Heal Core UI"="c:\program files\Quick Heal\Quick Heal Total Security\strtupap.exe" [2012-08-03 161264]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2014-10-08 843480]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-12-18 3667472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\ScDetour.Dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli ScSecAuth
.
R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank.sys [2012-07-27 33136]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [2012-07-27 40432]
R2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2012-07-27 206320]
R2 Online Protection System;Online Protection System;c:\program files\Quick Heal\Quick Heal Total Security\opssvc.exe [2012-07-27 25584]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-09-26 17408]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-07-07 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [2012-11-13 14416]
R4 aswSP;aswSP; [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-11-18 154904]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-12-08 208152]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S1 wsnf;Network Filter Driver;c:\windows\system32\DRIVERS\wsnf.sys [2012-07-09 38856]
S1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2012-08-05 68448]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-10-08 112344]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-10-08 388824]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-10-08 782040]
S2 Core Mail Protection;Core Mail Protection;c:\program files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [2012-07-27 29680]
S2 Core Scanning Server;Core Scanning Server;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2012-07-27 206320]
S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [2012-08-03 29424]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-09-27 100256]
S2 Quick Update Service;Quick Update Service;c:\program files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [2012-07-27 91120]
S2 ScSecSvc;Core Browsing Protection;c:\program files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [2012-08-14 306656]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 21096]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-12 25448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-22 11:16 1086280 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.91\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-10 05:55]
.
2015-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-10 05:55]
.
2015-01-24 c:\windows\Tasks\Quick Heal AntiMalware Scan.job
- c:\program files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [2012-07-27 07:51]
.
2015-01-24 c:\windows\Tasks\Resume Quickup Download.job
- c:\program files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2012-07-27 07:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.default-search.net?sid=492&aid=319&itype=n&ver=14963&tm=585&src=hmp
uDefault_Search_URL = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-TornTv Downloader - c:\users\ritvik\AppData\Roaming\TornTV.com\Torntv Downloader.exe
HKLM-Run-mbot_in_113 - (no file)
c:\users\ritvik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk - c:\users\ritvik\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
AddRemove-VideoDimmer - c:\programdata\VideoDimmer\uninstall.exe
AddRemove-WindowsMangerProtect - c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(8928)
c:\windows\system32\dxp.dll
c:\windows\System32\pnidui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2015\avgrsx.exe
c:\program files\AVG\AVG2015\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
c:\program files\AVG\AVG2015\avgnsx.exe
c:\program files\AVG\AVG2015\avgemcx.exe
c:\windows\System32\Narrator.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2015-01-25  17:32:34 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-25 12:02
.
Pre-Run: 65,161,093,120 bytes free
Post-Run: 64,939,560,960 bytes free
.
- - End Of File - - FFE673D5BDF59E3C7C1721A83A171A29
A36C5E4F47E84449FF07ED3517B43A31

Edited by Queen-Evie, 25 January 2015 - 10:53 AM.
Moved from Windows 7 to Malware Removal Logs. ComboFix logs are allowed only in the Malware Removal Logs forum.




#2 shubham hingonia

  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:46 PM

Posted 25 January 2015 - 08:00 AM

plzz help ?? any reply ?? 

 



#3 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,114 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:01:16 PM

Posted 25 January 2015 - 02:13 PM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide, and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
  • Please follow these instructions.
    If you don't follow the instructions, your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved.
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting me, as this can complicate finding and removing all Malware.
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all Malware!
  • Read my post completely.
    If you don't do so, you may make mistakes that could result in your system crashing by your own actions!
  • My help is completely free of charge!
    If you would like to donate some money, you can do so and I'd appreciate it. :)
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-bit or 64-bit Windows, see here.
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#4 shubham hingonia

  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:46 PM

Posted 26 January 2015 - 02:21 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by ritvik (administrator) on VICKY-PC on 26-01-2015 12:48:42
Running from C:\Users\ritvik\Downloads
Loaded Profiles: ritvik (Available profiles: ritvik & ricky)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
(HP) C:\Windows\System32\HPSIsvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ONLINENT.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [687336 2013-06-20] (Zbshareware Lab)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [161264 2012-08-03] (Quick Heal Technologies (P) Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: C:\Windows\System32\ScDetour.Dll => C:\Windows\System32\ScDetour.Dll [283104 2012-08-14] (Quick Heal Technologies (P) Ltd.)
Lsa: [Notification Packages] scecli ScSecAuth
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-567116275-2956606214-2557837817-1005\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-567116275-2956606214-2557837817-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-567116275-2956606214-2557837817-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-567116275-2956606214-2557837817-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=319&itype=n&ver=14963&tm=585&src=hmp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=319&itype=n&ver=14963&tm=585&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-567116275-2956606214-2557837817-1005 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=319&itype=n&ver=14963&tm=585&src=ds&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.co.in/
CHR StartupUrls: Default -> "https://www.google.co.in/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
CHR Extension: (Google Drive) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
CHR Extension: (Google Search) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
CHR Extension: (Google Sheets) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
CHR Extension: (Restart Browser) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhnjdejfbngngppihmpgncfnpfdaglhg [2014-11-17]
CHR Extension: (Avira Browser Safety) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-23]
CHR Extension: (AdBlock) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-14]
CHR Extension: (MS Updater) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\iadddcofhgaeeniecnhpopipbhijnphj [2014-11-21]
CHR Extension: (Dealz) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddmfogomafbmjkfcpfpnjfgecnjffng [2014-11-21]
CHR Extension: (Google Wallet) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Gmail) - C:\Users\ritvik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]
CHR HKLM\...\Chrome\Extension: [fgbcffenncokfocljomejddmgcpppjom] - No Path
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] - No Path
CHR HKLM\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] - No Path
CHR HKLM\...\Chrome\Extension: [lkemddiljapcmhicklfpcbpfffahfbja] - C:\Users\vicky\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx [Not Found]
CHR HKU\S-1-5-21-567116275-2956606214-2557837817-1005\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] - No Path
CHR HKU\S-1-5-21-567116275-2956606214-2557837817-1005\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [29680 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-27] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-27] (Quick Heal Technologies (P) Ltd.)
S2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [25584 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [91120 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [243320 2012-08-08] (Quick Heal Technologies (P) Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [306656 2012-08-14] (Quick Heal Technologies (P) Ltd.)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-10-08] (BlueStack Systems)
S2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [40432 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [29424 2012-08-03] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [33136 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
S3 WinRing0_1_2_0; C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [14416 2012-11-13] (OpenLibSys.org)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [38856 2012-07-09] (Quick Heal Technologies (P) Ltd.)
R1 wstif; C:\Windows\System32\drivers\wstif.sys [68448 2012-08-05] (Quick Heal Technologies (P) Ltd.)
S4 aswSP; No ImagePath
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 catchme; \??\C:\Users\ritvik\AppData\Local\Temp\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 12:48 - 2015-01-26 12:49 - 00015643 _____ () C:\Users\ritvik\Downloads\FRST.txt
2015-01-26 12:48 - 2015-01-26 12:48 - 00000000 ____D () C:\FRST
2015-01-26 12:47 - 2015-01-26 12:47 - 00001097 _____ () C:\Users\ritvik\Desktop\FRST - Shortcut.lnk
2015-01-26 12:46 - 2015-01-26 12:46 - 01120768 _____ (Farbar) C:\Users\ritvik\Downloads\FRST.exe
2015-01-26 12:20 - 2015-01-26 12:20 - 00000000 ___HD () C:\Users\ritvik\ScStore
2015-01-25 17:32 - 2015-01-25 17:32 - 00013377 _____ () C:\ComboFix.txt
2015-01-25 17:15 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-25 17:15 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-25 17:15 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-25 17:15 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-25 17:15 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-25 17:15 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe
2015-01-25 17:15 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe
2015-01-25 17:15 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe
2015-01-25 17:13 - 2015-01-25 17:32 - 00000000 ____D () C:\Qoobox
2015-01-25 17:12 - 2015-01-25 17:30 - 00000000 ____D () C:\Windows\erdnt
2015-01-25 17:12 - 2015-01-25 17:12 - 00001137 _____ () C:\Users\ritvik\Desktop\ComboFix - Shortcut.lnk
2015-01-25 17:06 - 2015-01-25 17:12 - 05609462 ____R (Swearware) C:\Users\ritvik\Downloads\ComboFix.exe
2015-01-25 15:13 - 2015-01-25 15:13 - 00000000 ___HD () C:\Users\ricky\ScStore
2015-01-23 12:20 - 2015-01-23 12:20 - 00000000 ____D () C:\Users\ricky\AppData\Roaming\AVG2015
2015-01-23 12:19 - 2015-01-23 12:19 - 00000000 ____D () C:\Users\ricky\AppData\Local\Avg2015
2015-01-23 12:18 - 2015-01-23 12:18 - 00135216 _____ () C:\Windows\Minidump\012315-34913-01.dmp
2015-01-22 19:14 - 2015-01-22 19:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-22 18:01 - 2015-01-22 18:01 - 00000000 ____D () C:\Users\ritvik\AppData\Roaming\AVG2015
2015-01-22 18:00 - 2015-01-22 18:00 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-22 18:00 - 2015-01-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-22 17:59 - 2015-01-25 17:35 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-22 17:59 - 2015-01-22 17:59 - 00000000 ____D () C:\Program Files\AVG
2015-01-22 17:48 - 2015-01-22 18:33 - 00000000 ____D () C:\Users\ritvik\AppData\Local\Avg2015
2015-01-22 16:55 - 2015-01-22 16:57 - 00000000 ____D () C:\Users\ritvik\Downloads\Temple Run 2 v1.9.1 [Unlimited Coins & Gems]--[[ S H @ H ]]
2015-01-21 19:41 - 2015-01-21 19:41 - 00000000 ____D () C:\Users\ricky\.android
2015-01-18 20:17 - 2015-01-18 20:17 - 00000000 ____D () C:\Users\ritvik\AppData\Local\Razer
2015-01-18 20:08 - 2015-01-18 20:08 - 00000000 ____D () C:\Users\ritvik\Downloads\Game Booster Beta
2015-01-18 20:06 - 2015-01-18 20:06 - 00002102 _____ () C:\Users\Public\Desktop\Razer Game Booster.lnk
2015-01-18 20:06 - 2015-01-18 20:06 - 00000000 ____D () C:\ProgramData\Razer
2015-01-18 20:06 - 2015-01-18 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-01-18 20:06 - 2015-01-18 20:06 - 00000000 ____D () C:\Program Files\Razer
2015-01-18 19:53 - 2015-01-18 19:58 - 21131384 _____ (Razer USA Ltd.) C:\Users\ritvik\Downloads\Razer Game Booster 3.5.6.0 beta {2012}.exe
2015-01-18 19:52 - 2015-01-18 19:52 - 00013485 _____ () C:\Users\ritvik\Downloads\[kickass.so]razer.game.booster.3.5.6.0.beta.2012.theemirskrew.torrent
2015-01-17 20:03 - 2015-01-17 20:03 - 09496467 _____ () C:\Users\ricky\Documents\Justin Bieber - Baby ft. Ludacris Dance Performance Dax Matthew ( Step Up Dance Studios ).mp4
2015-01-17 19:52 - 2015-01-17 19:52 - 09720175 _____ () C:\Users\ricky\Documents\Rahul dance ...mohhabbat barsa dena..jalgaon.mp4
2015-01-17 19:36 - 2015-01-17 19:36 - 04933364 _____ () C:\Users\ricky\Documents\Sawan aaya hai dance by yash bisht(Creature).mp4
2015-01-16 19:40 - 2015-01-16 19:40 - 23683582 _____ () C:\Users\ricky\Documents\Radha Nachegi Official Full Song Video _ Tevar _ Sonakshi Sinha, Manoj Bajpayee.mp4
2015-01-16 19:24 - 2015-01-16 19:24 - 52202003 _____ () C:\Users\ricky\Documents\_ TEVAR _ Superman SONG Dance TUTORIAL ( Choreographed By Kapil AroraXD ) BTI.mp4
2015-01-16 18:34 - 2015-01-16 18:34 - 18760195 _____ () C:\Users\ricky\Documents\abhi toh party shuru hui hai dance choreography lotus dance academy.mp4
2015-01-12 20:42 - 2015-01-12 20:42 - 00001246 _____ () C:\Users\ricky\Desktop\Golden Videos VHS to DVD Converter.lnk
2015-01-12 20:42 - 2015-01-12 20:42 - 00001232 _____ () C:\Users\ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Golden Videos VHS to DVD Converter.lnk
2015-01-12 20:38 - 2015-01-12 20:42 - 00002226 _____ () C:\Users\ricky\Desktop\NCH Suite.lnk
2015-01-12 20:38 - 2015-01-12 20:38 - 00001152 _____ () C:\Users\ricky\Desktop\Prism Video File Converter.lnk
2015-01-12 20:38 - 2015-01-12 20:38 - 00001138 _____ () C:\Users\ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2015-01-12 20:36 - 2015-01-19 20:43 - 00000000 ____D () C:\ProgramData\NCH Software
2015-01-12 20:36 - 2015-01-12 20:36 - 00000000 ____D () C:\Users\ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-01-12 20:35 - 2015-01-19 20:43 - 00000000 ____D () C:\Users\ricky\AppData\Roaming\NCH Software
2015-01-12 20:35 - 2015-01-12 20:35 - 00002142 _____ () C:\Users\ricky\Desktop\NCH Software.lnk
2015-01-12 20:35 - 2015-01-12 20:35 - 00001180 _____ () C:\Users\ricky\Desktop\VideoPad Video Editor.lnk
2015-01-12 20:35 - 2015-01-12 20:35 - 00001166 _____ () C:\Users\ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2015-01-11 13:17 - 2015-01-11 13:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-11 13:17 - 2015-01-11 13:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-01-08 14:23 - 2015-01-09 14:50 - 00000520 ___SH () C:\Users\ricky\AppData\Local\win_fldb_sys.dat
2015-01-07 13:18 - 2015-01-09 14:50 - 00000700 ___SH () C:\Users\ricky\AppData\Local\systemFL7.dat
2015-01-07 13:17 - 2015-01-09 14:50 - 00011781 ___SH () C:\Users\ricky\AppData\Local\win_flfiles_sys.dat
2015-01-07 13:17 - 2015-01-09 14:50 - 00003465 ___SH () C:\Users\ricky\AppData\Local\win_stlthdb_sys.dat
2015-01-07 13:16 - 2015-01-07 13:16 - 00000000 ____D () C:\Program Files\NewSoftware's
2015-01-07 13:14 - 2015-01-07 13:13 - 09289528 _____ (New Softwares.net) C:\Users\ritvik\Downloads\folder_lock.exe.EXE
2015-01-07 13:12 - 2015-01-07 13:12 - 00000000 ____D () C:\ProgramData\smdmf
2015-01-07 13:12 - 2015-01-07 13:12 - 00000000 ____D () C:\Program Files\Settings Manager
2014-12-30 15:53 - 2015-01-03 17:07 - 00000000 ____D () C:\Users\ritvik\Documents\New folder
2014-12-28 18:24 - 2014-12-28 18:24 - 00160984 _____ () C:\Windows\Minidump\122814-26800-01.dmp
2014-12-27 14:39 - 2014-12-27 14:39 - 00001806 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-12-27 14:39 - 2014-12-27 14:39 - 00001765 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-12-27 14:37 - 2014-12-27 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-12-27 14:37 - 2014-12-27 14:37 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-12-27 14:37 - 2014-12-27 14:37 - 00000000 ____D () C:\Program Files\BlueStacks
2014-12-27 14:35 - 2014-12-27 14:35 - 00000000 ____D () C:\Users\ritvik\AppData\Local\Bluestacks
2014-12-27 14:30 - 2015-01-25 16:12 - 00000000 ____D () C:\Users\ricky\AppData\Roaming\vlc
2014-12-27 13:56 - 2014-12-27 14:36 - 00000000 ____D () C:\Users\ricky\AppData\Roaming\Adobe
2014-12-27 13:55 - 2015-01-08 12:56 - 00000000 ____D () C:\Users\ricky\AppData\Local\Avg2014
2014-12-27 13:55 - 2014-12-27 14:36 - 00000000 ____D () C:\Users\ricky\AppData\Local\Adobe
2014-12-27 13:55 - 2014-12-27 13:55 - 00000000 ____D () C:\Users\ricky\AppData\Roaming\AVG2014
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 12:43 - 2014-10-10 11:25 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 12:28 - 2014-12-15 16:28 - 00000468 _____ () C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2015-01-26 12:27 - 2014-12-15 16:27 - 00000444 _____ () C:\Windows\Tasks\Resume Quickup Download.job
2015-01-26 12:24 - 2014-12-23 16:05 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-26 12:24 - 2014-06-28 17:16 - 01818773 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 12:24 - 2009-07-14 10:04 - 00012848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 12:24 - 2009-07-14 10:04 - 00012848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 12:20 - 2014-10-26 13:14 - 00000000 ____D () C:\Users\ritvik
2015-01-26 12:20 - 2014-10-10 11:25 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 12:19 - 2014-08-19 17:18 - 00053747 _____ () C:\Windows\setupact.log
2015-01-26 12:19 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 17:32 - 2009-07-14 08:07 - 00000000 __RHD () C:\Users\Default
2015-01-25 17:32 - 2009-07-14 08:07 - 00000000 ___RD () C:\Users\Public
2015-01-25 17:29 - 2009-07-14 07:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-25 17:26 - 2014-09-24 19:24 - 00032802 _____ () C:\Windows\PFRO.log
2015-01-25 17:25 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-25 17:25 - 2009-07-14 07:33 - 40894464 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-25 17:25 - 2009-07-14 07:33 - 17563648 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-25 17:25 - 2009-07-14 07:33 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-25 17:25 - 2009-07-14 07:33 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-25 17:25 - 2009-07-14 07:33 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-25 15:13 - 2014-12-18 13:15 - 00000000 ____D () C:\Users\ricky
2015-01-24 12:34 - 2014-10-26 13:23 - 00000000 ____D () C:\Users\ritvik\AppData\Roaming\vlc
2015-01-24 12:32 - 2014-06-28 17:19 - 00006230 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 12:18 - 2014-11-06 13:58 - 114947765 _____ () C:\Windows\MEMORY.DMP
2015-01-23 12:18 - 2014-07-23 16:59 - 00000000 ____D () C:\Windows\Minidump
2015-01-22 20:05 - 2014-10-26 13:17 - 00000000 ____D () C:\Users\ritvik\AppData\Roaming\uTorrent
2015-01-22 17:59 - 2014-12-23 16:31 - 00000000 ____D () C:\$AVG
2015-01-22 17:32 - 2014-12-23 16:31 - 00000000 ____D () C:\ProgramData\AVG2014
2015-01-22 17:30 - 2014-12-23 16:05 - 00000000 ____D () C:\Users\ritvik\AppData\Local\Avg2014
2015-01-22 16:57 - 2014-11-22 16:46 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-18 20:14 - 2014-06-29 19:46 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-12 15:22 - 2014-11-04 15:21 - 00000000 ____D () C:\Users\ritvik\Documents\FIFA 12
2015-01-08 13:15 - 2014-11-20 19:04 - 00000000 ____D () C:\ProgramData\VideoDimmer
2015-01-01 12:44 - 2014-12-18 13:15 - 00000000 ____D () C:\Users\ricky\AppData\Local\Google
2014-12-31 15:07 - 2014-11-04 13:54 - 00000000 ____D () C:\Users\ritvik\Documents\FIFA 13
2014-12-29 11:48 - 2014-06-28 17:30 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-29 11:48 - 2014-06-28 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-28 15:37 - 2014-12-22 22:22 - 592559552 _____ (Quick Heal Technologies (P) Ltd.) C:\Users\ritvik\Desktop\QHTSFT32.EXE
2014-12-27 14:39 - 2009-07-14 08:07 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-27 13:56 - 2014-12-18 13:47 - 00110488 _____ () C:\Users\ricky\AppData\Local\GDIPFONTCACHEV1.DAT
 
==================== Files in the root of some directories =======
 
2014-06-28 17:32 - 2014-06-28 17:41 - 4188160 _____ () C:\Program Files\GUT7455.tmp
2014-11-08 16:07 - 2014-11-08 16:07 - 0003584 _____ () C:\Users\ritvik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-03 17:34
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by ritvik at 2015-01-26 12:49:30
Running from C:\Users\ritvik\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Quick Heal Total Security 2013 (Disabled - Out of date) {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
AS: Quick Heal Total Security 2013 (Disabled - Up to date) {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Quick Heal Firewall (Enabled) {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-567116275-2956606214-2557837817-1005\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
Chrome - Enhancer (HKLM\...\Enhancer1.0.1.13) (Version: 1.0.1.13 - Google Extensions)
Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden
Fifa 12 1.00 (HKLM\...\Fifa 12 1.00) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
navyscreensaver1 (HKU\S-1-5-21-567116275-2956606214-2557837817-1005\...\navyscreensaver1) (Version:  - )
navyscreensaver2 (HKU\S-1-5-21-567116275-2956606214-2557837817-1005\...\navyscreensaver2) (Version:  - )
Need for Speed Most Wanted Black Edition (HKLM\...\Need for Speed Most Wanted Black Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA Graphics Driver 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.58 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
Quick Heal Total Security (HKLM\...\Quick Heal Total Security) (Version: 14.00 - Quick Heal Technologies Pvt. Ltd.)
Quick Heal Total Security (Version: 14.00 - Quick Heal) Hidden
Razer Game Booster (HKLM\...\{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}) (Version: 3.5.6.0 - Razer USA Ltd.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Settings Manager (HKLM\...\Settings Manager) (Version: 5.0.0.14963 - Aztec Media Inc) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
YTD Video Downloader 4.7.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.3 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
22-01-2015 17:26:34 Removed AVG 2014
22-01-2015 17:29:18 Removed AVG 2014
22-01-2015 17:59:06 Installed AVG 2015
22-01-2015 17:59:39 Installed AVG 2015
25-01-2015 17:16:02 ComboFix created restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2015-01-25 17:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14809155-95F3-462D-A8A9-D51EF5DFE3A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {56EE9E7D-29EE-42CC-9F6E-7898E27B0719} - System32\Tasks\Games\UpdateCheck_S-1-5-21-567116275-2956606214-2557837817-1007
Task: {60722171-9DD2-404D-ABA5-993A5CB53FBC} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [2012-07-27] (Quick Heal Technologies (P) Ltd.)
Task: {81905D5C-4217-4EFE-9958-FBA76201A7AF} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe [2012-11-13] ()
Task: {B225F2EF-9EFD-4238-A986-B7A062CD2FF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {C383A54B-4A15-433A-90F8-40BB53418907} - System32\Tasks\Games\UpdateCheck_S-1-5-21-567116275-2956606214-2557837817-1005
Task: {FA5CB6DC-4AE0-4070-90B0-7492E722FA62} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2012-07-27] (Quick Heal Technologies (P) Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-28 17:34 - 2011-10-04 22:42 - 00086016 _____ () C:\Windows\System32\custmon32i.dll
2014-07-09 19:37 - 2012-08-31 15:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2014-07-09 19:38 - 2012-08-31 15:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2011-08-05 18:28 - 2011-08-05 18:28 - 00036864 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\SCANAPI.DLL
2012-08-22 14:20 - 2012-08-22 14:20 - 00102400 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\SCANSDK.DLL
2012-08-24 20:57 - 2012-08-24 20:57 - 00024576 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\PLATFORM.DLL
2012-01-06 12:02 - 2012-01-06 12:02 - 00024576 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\FILESDK.DLL
2009-09-21 22:43 - 2009-09-21 22:43 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\DRVCOMM.DLL
2011-08-05 18:28 - 2011-08-05 18:28 - 00036864 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\scanapi.dll
2012-08-10 22:00 - 2012-08-10 22:00 - 00143360 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\SCAN.DLL
2007-10-10 13:08 - 2007-10-10 13:08 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\VIRLIST.DLL
2012-07-28 15:32 - 2012-07-28 15:32 - 00061440 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\BOOTSCAN.DLL
2010-10-18 15:10 - 2010-10-18 15:10 - 00032768 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\DISASM.DLL
2012-06-15 23:44 - 2012-06-15 23:44 - 00176128 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\MLTISCAN.DLL
2012-06-08 21:54 - 2012-06-08 21:54 - 00106496 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\PESCAN.DLL
2012-07-30 22:18 - 2012-07-30 22:18 - 00266240 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\DOSPOLY.DLL
2012-08-29 12:38 - 2012-08-29 12:38 - 04300800 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\PEPOLY.DLL
2012-08-10 22:00 - 2012-08-10 22:00 - 00225280 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\ARCVSDK.DLL
2005-07-18 12:39 - 2005-07-18 12:39 - 00040960 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\OLESDK.DLL
2012-08-03 13:21 - 2012-08-03 13:21 - 03667456 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\PEML00.DLL
2012-06-25 11:20 - 2012-06-25 11:20 - 00002560 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\PEML01.DLL
2012-07-18 16:17 - 2012-07-18 16:17 - 00002560 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\PEML02.DLL
2012-07-04 23:38 - 2012-07-04 23:38 - 00184320 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\VBSSCAN.DLL
2012-08-28 22:12 - 2012-08-28 22:12 - 00147456 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\WORMSCAN.DLL
2012-08-28 22:12 - 2012-08-28 22:12 - 00147456 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\BKDRSCAN.DLL
2012-08-07 13:44 - 2012-08-07 13:44 - 00077824 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\MACSCAN.DLL
2011-08-04 21:11 - 2011-08-04 21:11 - 00045056 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\MACRINFO.DLL
2012-08-28 22:12 - 2012-08-28 22:12 - 00380928 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\MISCSCAN.DLL
2012-08-27 22:10 - 2012-08-27 22:10 - 00094208 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\HEURSCAN.DLL
2011-08-04 21:12 - 2011-08-04 21:12 - 00077824 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\PCKRSCAN.DLL
2012-08-10 22:00 - 2012-08-10 22:00 - 00135168 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\LZESDK.DLL
2005-05-10 03:38 - 2005-05-10 03:38 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\ARJSDK.DLL
2005-10-26 19:50 - 2005-10-26 19:50 - 00028672 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\UNARJ32.DLL
2012-02-09 17:46 - 2012-02-09 17:46 - 00118784 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\RARSDK.DLL
2014-06-29 19:42 - 2011-10-26 17:41 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2012-11-13 21:53 - 2012-11-13 21:53 - 00121472 _____ () C:\Program Files\Razer\Razer Game Booster\GBV3ContextMenu.dll
2015-01-22 16:57 - 2015-01-21 09:20 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-22 16:57 - 2015-01-21 09:20 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-22 16:57 - 2015-01-21 09:20 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.91\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-567116275-2956606214-2557837817-500 - Administrator - Disabled)
Guest (S-1-5-21-567116275-2956606214-2557837817-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-567116275-2956606214-2557837817-1002 - Limited - Enabled)
ricky (S-1-5-21-567116275-2956606214-2557837817-1007 - Limited - Enabled) => C:\Users\ricky
ritvik (S-1-5-21-567116275-2956606214-2557837817-1005 - Administrator - Enabled) => C:\Users\ritvik
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/26/2015 00:19:18 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/25/2015 05:26:46 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/25/2015 04:57:59 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/25/2015 03:40:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000004
Faulting module name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000004
Exception code: 0xc0000005
Fault offset: 0x000019b0
Faulting process id: 0x11f4
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (01/25/2015 03:13:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/24/2015 00:32:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (01/24/2015 00:32:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (01/24/2015 00:26:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 01:25:25 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/22/2015 08:06:00 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
   at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   at BlueStacks.hyperDroid.Service.Service.OnStop()
   at BlueStacks.hyperDroid.Service.Service.OnShutdown()
   at System.ServiceProcess.ServiceBase.DeferredShutdown().
 
 
System errors:
=============
Error: (01/26/2015 00:21:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Online Protection System service hung on starting.
 
Error: (01/26/2015 00:19:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/25/2015 05:28:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Online Protection System service hung on starting.
 
Error: (01/25/2015 05:26:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/25/2015 05:26:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:25:13 PM on ‎1/‎25/‎2015 was unexpected.
 
Error: (01/25/2015 05:25:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/25/2015 05:25:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/25/2015 05:21:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/25/2015 05:17:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/25/2015 04:59:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Online Protection System service hung on starting.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ 145 Processor
Percentage of memory in use: 61%
Total physical RAM: 2046.46 MB
Available physical RAM: 792.98 MB
Total Pagefile: 4092.93 MB
Available Pagefile: 2333.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.44 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:60.15 GB) NTFS
Drive d: () (Fixed) (Total:68.36 GB) (Free:55.83 GB) NTFS
Drive e: () (Fixed) (Total:66.87 GB) (Free:24.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BB92BB92)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=66.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,114 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:16 PM

Posted 26 January 2015 - 10:46 AM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista, Windows 7 or Windows 8, right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,114 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:16 PM

Posted 30 January 2015 - 02:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
