
Buzzdock advertisements keep redirecting in Google Chrome


  • This topic is locked
4 replies to this topic

#1 graman


Posted 04 February 2015 - 02:11 PM

A few days ago I started getting Buzzdock advertisements popping up and often redirecting on Google Chrome whenever I typed in a search or explored certain sites. I initially reset Chrome, which included turning off the four extensions I had, and that made no difference. I then downloaded and ran Malwarebytes, but that wasn't able to pick up on the problem. I also tried to uninstall any program I had downloaded recently. Once again, no luck. I'm not sure what to do at this point except for restoring it to factory settings.

 

I have a Microsoft Surface Pro 3 and I am running Windows 8.1 Pro. My computer was running the Avast antivirus program when this problem surfaced. Any and all input would be greatly appreciated.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Ravneet (administrator) on RAMANT on 04-02-2015 10:39:30
Running from C:\Users\Ravneet\Downloads
Loaded Profiles: Ravneet (Available profiles: Ravneet)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKU\S-1-5-21-2117931900-3099567150-1088051839-1001\...\Run: [GoogleChromeAutoLaunch_62E2CA146B196318F6BB5D89773CDF1C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)
Startup: C:\Users\Ravneet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO)

 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.18 64.59.150.134

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-02-03]

Chrome:
=======
CHR Profile: C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-14]
CHR Extension: (Google Drive) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-14]
CHR Extension: (YouTube) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-14]
CHR Extension: (Google Search) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-14]
CHR Extension: (Avast SafePrice) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-03]
CHR Extension: (AdBlock) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-30]
CHR Extension: (Bookmark Manager) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-28]
CHR Extension: (Avast Online Security) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-28]
CHR Extension: (Pin It Button) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-12]
CHR Extension: (Untangle Puzzle game) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiffnempoiaicdjepdbdjfobofcicich [2014-12-16]
CHR Extension: (Google Wallet) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-14]
CHR Extension: (Gmail) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-14]

 

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2015-02-04] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [799944 2015-02-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2015-02-04] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2015-02-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1002496 2014-12-24] (Marvell Semiconductors Inc.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [66672 2014-10-25] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-18] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411648 2014-12-24] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 10:39 - 2015-02-04 10:39 - 00016719 _____ () C:\Users\Ravneet\Downloads\FRST.txt
2015-02-04 10:38 - 2015-02-04 10:39 - 00000000 ____D () C:\FRST
2015-02-04 10:38 - 2015-02-04 10:38 - 02131968 _____ (Farbar) C:\Users\Ravneet\Downloads\FRST64.exe
2015-02-03 19:21 - 2015-02-04 10:11 - 00000197 _____ () C:\windows\system32\2015-02-04-03-21-09.074-AvastVBoxSVC.exe-2660.log
2015-02-03 19:08 - 2015-02-03 19:08 - 00438056 _____ () C:\windows\Minidump\020315-7796-01.dmp
2015-02-03 18:55 - 2015-02-03 18:55 - 00442184 _____ () C:\windows\Minidump\020315-7109-01.dmp
2015-02-03 18:53 - 2015-02-03 18:53 - 00438056 _____ () C:\windows\Minidump\020315-6937-01.dmp
2015-02-03 18:52 - 2015-02-04 10:04 - 00002330 _____ () C:\Users\Ravneet\Desktop\Safe Money.lnk
2015-02-03 18:47 - 2015-02-04 10:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-03 18:47 - 2015-02-03 18:47 - 00002076 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-02-03 18:47 - 2015-02-03 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-02-03 18:47 - 2015-02-03 18:47 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-03 18:47 - 2014-08-12 18:32 - 00247480 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2015-02-03 18:47 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2015-02-03 18:46 - 2015-02-03 18:46 - 207667008 _____ (Kaspersky Lab) C:\Users\Ravneet\Downloads\kts15.0.1.415EN_FR_6772.exe
2015-02-03 18:15 - 2015-02-03 18:15 - 00000000 ____D () C:\windows\system32\appmgmt
2015-02-03 17:44 - 2015-02-03 17:44 - 00000197 _____ () C:\windows\system32\2015-02-04-01-44-38.035-AvastVBoxSVC.exe-2536.log
2015-02-03 17:34 - 2015-02-04 10:05 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 17:34 - 2015-02-03 17:34 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 17:34 - 2015-02-03 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 17:34 - 2015-02-03 17:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-03 17:34 - 2015-02-03 17:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 17:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-03 17:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-03 17:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-03 17:32 - 2015-02-03 17:32 - 00001969 _____ () C:\Users\Ravneet\Downloads\software_removal_tool.log
2015-02-03 12:53 - 2015-02-03 12:54 - 00005010 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.2
2015-02-03 12:53 - 2015-02-03 12:53 - 00000000 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.2.lck
2015-02-02 18:28 - 2015-02-02 18:28 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-02-02 17:35 - 2015-02-02 17:35 - 08723453 _____ () C:\Users\Ravneet\Downloads\Scan_20150202_142423.jpeg
2015-02-02 17:35 - 2015-02-02 17:35 - 08486788 _____ () C:\Users\Ravneet\Downloads\Scan_20150202_142534.jpeg
2015-02-02 17:35 - 2015-02-02 17:35 - 07970015 _____ () C:\Users\Ravneet\Downloads\Scan_20150202_142703.jpeg
2015-02-02 17:35 - 2015-02-02 17:35 - 07548498 _____ () C:\Users\Ravneet\Downloads\Scan_20150202_142258.jpeg
2015-02-02 17:35 - 2015-02-02 17:35 - 07421690 _____ () C:\Users\Ravneet\Downloads\Scan_20150202_142157.jpeg
2015-02-02 17:35 - 2015-02-02 17:35 - 03383926 _____ () C:\Users\Ravneet\Downloads\Scan_20150202_143133.jpeg
2015-02-02 17:35 - 2015-02-02 17:35 - 02825638 _____ () C:\Users\Ravneet\Downloads\Scan_20150202_142030.jpeg
2015-01-30 15:33 - 2015-01-30 16:16 - 00006170 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.1
2015-01-30 15:33 - 2015-01-30 15:33 - 00000000 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.1.lck
2015-01-30 15:24 - 2015-01-30 15:24 - 00000197 _____ () C:\windows\system32\2015-01-30-23-24-43.089-AvastVBoxSVC.exe-2472.log
2015-01-30 13:42 - 2015-02-03 17:42 - 03468288 _____ () C:\Users\Ravneet\AppData\Local\wnc.db
2015-01-30 13:42 - 2015-01-30 15:00 - 00008108 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0
2015-01-30 13:42 - 2015-01-30 13:42 - 00001767 _____ () C:\Users\Ravneet\AppData\Local\opensource-licenses.txt
2015-01-30 13:42 - 2015-01-30 13:42 - 00000453 _____ () C:\Users\Ravneet\AppData\Local\wnc.properties
2015-01-30 13:42 - 2015-01-30 13:42 - 00000000 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.lck
2015-01-30 13:41 - 2015-01-30 13:41 - 00034899 ____H () C:\Users\Ravneet\Downloads\~WRL1157.tmp
2015-01-30 13:38 - 2015-01-30 13:39 - 55863838 _____ (RefWorks-COS) C:\Users\Ravneet\Downloads\WnC4Install32.exe
2015-01-30 13:37 - 2015-01-30 13:41 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2015-01-30 13:37 - 2015-01-30 13:37 - 01034216 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2015-01-30 13:37 - 2015-01-30 13:37 - 00916456 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2015-01-30 13:32 - 2015-01-30 13:33 - 51329921 _____ (RefWorks-COS) C:\Users\Ravneet\Downloads\WnC4Install64.exe
2015-01-30 13:24 - 2015-01-30 13:25 - 00000000 ____D () C:\Users\Ravneet\Desktop\School
2015-01-30 11:29 - 2015-01-30 11:29 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-30 11:29 - 2015-01-30 11:29 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-29 21:49 - 2015-01-29 21:49 - 01342984 _____ () C:\windows\Minidump\012915-8140-01.dmp
2015-01-29 21:46 - 2015-01-29 21:46 - 00000197 _____ () C:\windows\system32\2015-01-30-05-46-43.096-AvastVBoxSVC.exe-2544.log
2015-01-29 21:40 - 2015-01-29 21:40 - 00000000 ____D () C:\windows\PCHEALTH
2015-01-29 21:40 - 2015-01-29 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-01-29 21:40 - 2015-01-29 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-29 21:40 - 2015-01-29 21:40 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-29 21:40 - 2015-01-29 21:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-01-29 21:39 - 2015-01-29 21:39 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-29 21:38 - 2015-01-29 21:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-01-29 21:37 - 2015-01-31 22:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-29 21:37 - 2015-01-29 21:37 - 00000000 ____D () C:\Users\Ravneet\AppData\Local\Microsoft Help
2015-01-29 21:37 - 2015-01-29 21:37 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-29 21:37 - 2015-01-29 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-01-29 21:36 - 2015-01-29 21:36 - 00000000 ____D () C:\Users\Ravneet\AppData\Roaming\PowerISO
2015-01-29 21:35 - 2015-02-03 17:42 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-01-29 21:35 - 2015-01-29 21:35 - 00000831 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2015-01-29 21:35 - 2015-01-29 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-01-29 21:35 - 2015-01-29 21:35 - 00000000 ____D () C:\Program Files\PowerISO
2015-01-29 21:35 - 2014-10-08 05:13 - 00127760 _____ (Power Software Ltd) C:\windows\system32\Drivers\scdemu.sys
2015-01-29 21:33 - 2015-02-03 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-01-29 21:29 - 2015-01-29 21:29 - 00000000 ____D () C:\Users\Ravneet\AppData\Roaming\WinRAR
2015-01-29 21:29 - 2015-01-29 21:29 - 00000000 ____D () C:\Users\Ravneet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-29 21:29 - 2015-01-29 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-29 21:29 - 2015-01-29 21:29 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-29 21:28 - 2015-01-29 21:28 - 01937648 _____ () C:\Users\Ravneet\Downloads\winrar-x64-521b1.exe
2015-01-29 21:15 - 2015-01-29 21:29 - 00000000 ____D () C:\Users\Ravneet\Downloads\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp
2015-01-28 19:13 - 2015-01-28 19:13 - 00000197 _____ () C:\windows\system32\2015-01-29-03-13-05.060-AvastVBoxSVC.exe-3620.log
2015-01-26 20:00 - 2015-01-26 20:00 - 00000247 _____ () C:\windows\system32\2015-01-27-04-00-00.030-aswFe.exe-5428.log
2015-01-26 19:57 - 2015-01-26 19:59 - 00000247 _____ () C:\windows\system32\2015-01-27-03-57-39.036-aswFe.exe-4028.log
2015-01-26 19:57 - 2015-01-26 19:57 - 00000197 _____ () C:\windows\system32\2015-01-27-03-57-38.017-AvastVBoxSVC.exe-3428.log
2015-01-26 19:51 - 2015-01-26 19:51 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2015-01-26 19:51 - 2015-01-26 19:51 - 00000000 ____D () C:\windows\SysWOW64\vbox
2015-01-26 19:51 - 2015-01-26 19:51 - 00000000 ____D () C:\windows\system32\vbox
2015-01-26 19:51 - 2015-01-26 19:51 - 00000000 ____D () C:\Users\Ravneet\AppData\Roaming\AVAST Software
2015-01-26 19:50 - 2015-01-26 19:50 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-26 19:49 - 2015-01-26 19:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-26 19:49 - 2015-01-26 19:49 - 05006864 _____ (AVAST Software) C:\Users\Ravneet\Downloads\avast_free_antivirus_setup_online.exe
2015-01-15 20:24 - 2014-11-26 10:38 - 24201368 _____ (Intel Corporation) C:\windows\system32\igdumdim64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 05943072 _____ (Intel Corporation) C:\windows\system32\igdusc64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 04679768 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 02945472 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2015-01-15 20:24 - 2014-11-26 10:38 - 02776408 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 01512568 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 01402296 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 01399200 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 01365504 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 01061376 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00978040 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00734720 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00671352 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00615544 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00472976 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
2015-01-15 20:24 - 2014-11-26 10:38 - 00457616 _____ () C:\windows\system32\igfxTray.exe
2015-01-15 20:24 - 2014-11-26 10:38 - 00372224 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00354136 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00304128 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00279952 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2015-01-15 20:24 - 2014-11-26 10:38 - 00266072 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00254976 _____ () C:\windows\system32\igfxCPL.cpl
2015-01-15 20:24 - 2014-11-26 10:38 - 00220392 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00207872 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00207496 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00196728 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00195984 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2015-01-15 20:24 - 2014-11-26 10:38 - 00184312 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00183296 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4029.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00175104 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00175024 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00135000 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00127320 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00082432 _____ (Khronos Group) C:\windows\system32\Intel_OpenCL_ICD64.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00074240 _____ (Khronos Group) C:\windows\SysWOW64\Intel_OpenCL_ICD32.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00031408 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00030720 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2015-01-15 20:24 - 2014-11-26 10:38 - 00004016 _____ () C:\windows\system32\iglhxs64.vp
2015-01-15 20:24 - 2014-11-26 10:37 - 25175552 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 23401576 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 20049408 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 17170624 _____ () C:\windows\system32\igd11dxva64.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 16698848 _____ () C:\windows\SysWOW64\igd11dxva32.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 12003840 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 11512320 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 09155072 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 07654408 _____ (Intel Corporation) C:\windows\system32\igd10iumd64.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 07232512 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 06956056 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 04763064 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2015-01-15 20:24 - 2014-11-26 10:37 - 00637000 _____ (Intel Corporation) C:\windows\system32\igdmd64.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 00515960 _____ (Intel Corporation) C:\windows\SysWOW64\igdmd32.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 00418704 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2015-01-15 20:24 - 2014-11-26 10:37 - 00397824 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 00350208 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 00227328 _____ () C:\windows\system32\igdde64.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 00187392 _____ () C:\windows\SysWOW64\igdde32.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 00169984 _____ (Intel Corporation) C:\windows\system32\igdail64.dll
2015-01-15 20:24 - 2014-11-26 10:37 - 00155536 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2015-01-15 20:24 - 2014-11-26 10:37 - 00151552 _____ (Intel Corporation) C:\windows\SysWOW64\igdail32.dll
2015-01-13 12:05 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 12:05 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 12:05 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-13 12:05 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 12:05 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-13 12:05 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-13 12:05 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-13 12:05 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-13 12:05 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-13 12:05 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-13 12:05 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-13 12:05 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-13 12:05 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-13 12:05 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 12:05 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-13 12:05 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-13 12:05 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-13 12:05 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-13 12:05 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-13 12:05 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-13 12:05 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-13 12:05 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-13 12:05 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-13 12:05 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-13 12:05 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-13 12:05 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-13 12:05 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-13 12:05 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-13 12:05 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-13 12:05 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-13 12:05 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

 

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 10:38 - 2014-08-14 14:18 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 10:38 - 2014-08-14 14:18 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 10:33 - 2014-08-14 14:18 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 10:33 - 2014-08-14 14:18 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 10:31 - 2014-08-14 14:06 - 01804521 _____ () C:\windows\WindowsUpdate.log
2015-02-04 10:18 - 2014-08-20 18:04 - 00799944 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-02-04 10:18 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2015-02-04 10:18 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klwtp.sys
2015-02-04 10:18 - 2014-07-25 13:13 - 00068616 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klwfp.sys
2015-02-04 10:16 - 2014-08-14 14:19 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2117931900-3099567150-1088051839-1001
2015-02-04 10:03 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-03 19:15 - 2013-08-22 06:46 - 00032192 _____ () C:\windows\setupact.log
2015-02-03 19:15 - 2013-08-22 06:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-03 19:08 - 2014-08-31 14:36 - 00000000 ____D () C:\windows\Minidump
2015-02-03 19:07 - 2014-08-31 14:36 - 436294105 _____ () C:\windows\MEMORY.DMP
2015-02-03 18:54 - 2014-11-19 12:49 - 00004974 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RAMANT-Ravneet RamanT
2015-02-03 18:54 - 2014-08-14 14:16 - 00000000 ___DO () C:\Users\Ravneet\OneDrive
2015-02-03 18:54 - 2014-08-14 14:13 - 00000000 ____D () C:\Users\Ravneet
2015-02-03 18:53 - 2014-05-08 18:57 - 00048350 _____ () C:\windows\PFRO.log
2015-02-03 18:47 - 2013-08-22 07:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2015-02-03 18:47 - 2013-08-22 05:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-02-03 18:18 - 2014-10-13 17:18 - 00000000 ____D () C:\Users\Ravneet\Documents\My Digital Editions
2015-02-03 18:18 - 2014-09-08 14:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-03 17:47 - 2014-05-08 19:06 - 00818732 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-03 17:42 - 2013-08-22 06:44 - 00482504 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-03 17:42 - 2013-08-22 05:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-02-03 14:50 - 2014-08-14 14:17 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8A0FEF26-8898-4676-ACF3-F8A78AC716BF}
2015-02-03 11:14 - 2014-08-16 16:55 - 00712704 ___SH () C:\Users\Ravneet\Downloads\Thumbs.db
2015-02-02 17:54 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-02 17:49 - 2014-08-14 14:14 - 00000000 ____D () C:\Users\Ravneet\AppData\Local\Packages
2015-01-31 22:30 - 2013-08-22 05:25 - 00000167 _____ () C:\windows\win.ini
2015-01-31 22:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-29 21:42 - 2015-01-02 18:04 - 00000000 ____D () C:\Users\Ravneet\AppData\Roaming\uTorrent
2015-01-29 21:40 - 2014-05-08 19:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-29 21:37 - 2013-08-22 11:11 - 00000000 ____D () C:\windows\ShellNew
2015-01-28 19:10 - 2014-09-08 09:57 - 00000000 ____D () C:\windows\system32\MRT
2015-01-28 19:08 - 2014-09-08 09:57 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-27 10:55 - 2013-08-22 07:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-24 12:20 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 12:20 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 20:25 - 2014-05-08 18:43 - 00000000 ____D () C:\windows\Firmware
2015-01-11 16:56 - 2014-08-31 16:06 - 00087040 ___SH () C:\Users\Ravneet\Desktop\Thumbs.db
2015-01-06 10:56 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\LiveKernelReports
2015-01-05 21:04 - 2014-09-09 09:50 - 00655360 _____ () C:\windows\system32\Drivers\mrvlsqram.bin
2015-01-05 21:04 - 2014-09-09 09:50 - 00360448 _____ () C:\windows\system32\Drivers\mrvliram.bin
2015-01-05 21:04 - 2014-09-09 09:50 - 00065536 _____ () C:\windows\system32\Drivers\mrvlitcm.bin
2015-01-05 21:04 - 2014-09-09 09:50 - 00032768 _____ () C:\windows\system32\Drivers\mrvldtcm.bin
2015-01-05 21:04 - 2014-09-03 16:18 - 00393220 _____ () C:\windows\system32\Drivers\MrvlDebugStore.bin
2015-01-05 21:04 - 2014-09-03 16:18 - 00032772 _____ () C:\windows\system32\Drivers\MrvlLogEntry.bin

==================== Files in the root of some directories =======

2015-01-30 13:42 - 2015-01-30 13:42 - 0001767 _____ () C:\Users\Ravneet\AppData\Local\opensource-licenses.txt
2015-01-30 13:42 - 2015-02-03 17:42 - 3468288 _____ () C:\Users\Ravneet\AppData\Local\wnc.db
2015-01-30 13:42 - 2015-01-30 15:00 - 0008108 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0
2015-01-30 15:33 - 2015-01-30 16:16 - 0006170 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.1
2015-01-30 15:33 - 2015-01-30 15:33 - 0000000 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.1.lck
2015-02-03 12:53 - 2015-02-03 12:54 - 0005010 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.2
2015-02-03 12:53 - 2015-02-03 12:53 - 0000000 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.2.lck
2015-01-30 13:42 - 2015-01-30 13:42 - 0000000 _____ () C:\Users\Ravneet\AppData\Local\wnc.log.0.lck
2015-01-30 13:42 - 2015-01-30 13:42 - 0000453 _____ () C:\Users\Ravneet\AppData\Local\wnc.properties
2014-05-08 18:58 - 2014-05-08 18:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:

====================
C:\Users\Ravneet\AppData\Local\Temp\proxy_vole1817757458230447949.dll
C:\Users\Ravneet\AppData\Local\Temp\uttA77.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-26 12:08

==================== End Of Log ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:22 PM

Posted 08 February 2015 - 09:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR Extension: (Avast SafePrice) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-03]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
C:\Users\Ravneet\AppData\Local\Temp\proxy_vole1817757458230447949.dll
C:\Users\Ravneet\AppData\Local\Temp\uttA77.tmp.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

If the problem still persists in Chrome, I suggest you remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

Reinstall Chrome and the Bookmarks.

<<<>>>

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#3 graman

graman
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 09 February 2015 - 02:59 PM

The buzzdock advertisements are gone. I haven't had any issues on Chrome so far (well, for the 20 minutes I've been using it). I feel so much more comfortable now. I didn't mind changing browsers but I hated knowing something was wrong. Thank you so much nasdaq! You are amazing!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Ravneet at 2015-02-08 14:02:04 Run:1
Running from C:\Users\Ravneet\Downloads
Loaded Profiles: Ravneet (Available profiles: Ravneet)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR Extension: (Avast SafePrice) - C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-03]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
C:\Users\Ravneet\AppData\Local\Temp\proxy_vole1817757458230447949.dll
C:\Users\Ravneet\AppData\Local\Temp\uttA77.tmp.exe

End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck directory not found.
klkbdflt2 => Error deleting Service
C:\Users\Ravneet\AppData\Local\Temp\proxy_vole1817757458230447949.dll => Moved successfully.
C:\Users\Ravneet\AppData\Local\Temp\uttA77.tmp.exe => Moved successfully.

The system needed a reboot.

==== End of Fixlog 14:02:05 ====

 

 Results of screen317's Security Check version 0.99.96 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Kaspersky Total Security  
Windows Defender          
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Reader XI 
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Kaspersky Lab Kaspersky Total Security 15.0.1 avp.exe 
 Kaspersky Lab Kaspersky Total Security 15.0.1 avpui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
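
Reading a Fixlog line by line shows whether every fixlist entry was actually handled; in the log above, the klkbdflt2 service entry was not. The following is an added example, not part of the original posts and not FRST's own code; the status categories and keyword rules are assumptions based only on the wording visible in this Fixlog.

```python
import re

# Result lines copied from the Fixlog.txt posted above.
FIXLOG = r'''Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
C:\Users\Ravneet\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck directory not found.
klkbdflt2 => Error deleting Service
C:\Users\Ravneet\AppData\Local\Temp\proxy_vole1817757458230447949.dll => Moved successfully.
C:\Users\Ravneet\AppData\Local\Temp\uttA77.tmp.exe => Moved successfully.
'''

# Lines without "=>" that still report an outcome (wording as seen in this log).
NO_ARROW = re.compile(
    r'^(?P<target>.+?) (?P<outcome>directory not found|closed successfully)\.?$'
)


def classify(outcome):
    """Map an outcome phrase to a status (keyword rules are assumptions)."""
    text = outcome.lower()
    if "error" in text:
        return "failed"
    if "not found" in text:
        return "absent"  # nothing to remove: entry was stale or already gone
    if "successfully" in text:
        return "done"
    return "unknown"


def parse_fixlog(text):
    """Return (target, outcome, status) for every result line in a Fixlog."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if " => " in line:
            target, outcome = line.split(" => ", 1)
        else:
            m = NO_ARROW.match(line)
            if not m:
                continue  # header, separator or blank line
            target, outcome = m.group("target"), m.group("outcome")
        entries.append((target.strip('"'), outcome.rstrip("."), classify(outcome)))
    return entries


def needs_followup(entries):
    """Targets whose fix failed or whose outcome wording was not recognised."""
    return [target for target, _, status in entries if status in ("failed", "unknown")]


if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG)
    for target, outcome, status in parsed:
        print(f"{status:7} {target}  ({outcome})")
    print("Follow up on:", needs_followup(parsed))
```
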



#4 nasdaq

Posted 10 February 2015 - 08:49 AM

Remove this old version of Java 8 Update 25 using the Add/Remove Programs applet.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

Posted 15 February 2015 - 10:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
