adulttube info virus attack help required


  • This topic is locked
4 replies to this topic

#1 DESKTOPHELP


Posted 10 April 2015 - 12:27 PM

I have run the FRST scan and the files are enclosed for your reference. Even while typing this, the page was redirected more than ten times, and it's been happening since yesterday.


Edited by DESKTOPHELP, 10 April 2015 - 12:29 PM.



#2 DESKTOPHELP


Posted 10 April 2015 - 12:32 PM

frst

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by VISHRATNA (administrator) on VISHRATNA-PC on 10-04-2015 22:50:35
Running from C:\Users\VISHRATNA\Downloads
Loaded Profiles: VISHRATNA (Available profiles: VISHRATNA)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
() C:\ProgramData\airtel\OnlineUpdate\ouc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Guardian AntiVirus\BDSSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Guardian AntiVirus\emlproxy.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Guardian AntiVirus\OPSSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Guardian AntiVirus\quhlpsvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Guardian AntiVirus\scanwscs.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Guardian AntiVirus\ONLINENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Guardian AntiVirus\SAPISSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Guardian AntiVirus\strtupap.exe [196704 2013-11-25] (Quick Heal Technologies (P) Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Quick Heal\Guardian AntiVirus\SFMDPRT.EXE,
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\MountPoints2: {81029776-34ad-11e3-a228-001e101f2c0e} - E:\AutoRun.exe
HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\MountPoints2: {85c97fac-3643-11e2-a831-c0cb38a985d8} - E:\AutoRun.exe
HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\MountPoints2: {96e2060a-ee7a-11e2-93c9-c0cb38a985d8} - E:\AutoRun.exe
HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\MountPoints2: {96e20637-ee7a-11e2-93c9-c0cb38a985d8} - E:\AutoRun.exe
HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\MountPoints2: {971df83e-3494-11e2-9c8f-c0cb38a985d8} - E:\Setup.exe /Auto
HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\MountPoints2: {ff661800-3490-11e2-a955-c0cb38a985d8} - E:\AutoRun.exe
HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\MountPoints2: {ff661810-3490-11e2-a955-c0cb38a985d8} - E:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
Toolbar: HKU\S-1-5-21-1918348328-2855527503-2645124431-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1918348328-2855527503-2645124431-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-1918348328-2855527503-2645124431-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [330352] (VMware, Inc.)
Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [330352] (VMware, Inc.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438384] (VMware, Inc.)
Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438384] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.163.64.81 8.8.8.8
Tcpip\..\Interfaces\{255D56FE-1764-4FA4-8356-E191E1B3F164}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{F8430EE6-37D1-4DC4-9958-414A1655A2EE}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF ProfilePath: C:\Users\VISHRATNA\AppData\Roaming\Mozilla\Firefox\Profiles\hla4688c.default-1407599241111
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\VISHRATNA\AppData\Roaming\mozilla\plugins\npatgpc.dll [2012-11-21] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR Profile: C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]
CHR Extension: (Google Docs) - C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]
CHR Extension: (Google Drive) - C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-10]
CHR Extension: (YouTube) - C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-10]
CHR Extension: (Google Search) - C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-10]
CHR Extension: (Google Sheets) - C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
CHR Extension: (Google Wallet) - C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-10]
CHR Extension: (Gmail) - C:\Users\VISHRATNA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 airtel. RunOuc; C:\Program Files (x86)\airtel\UpdateDog\ouc.exe [655216 2013-10-30] () [File not signed]
S2 arwsrvc; C:\Program Files\Quick Heal\Guardian AntiVirus\arwsrvc.exe [296040 2015-04-10] (Quick Heal Technologies (P) Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Guardian AntiVirus\bdssvc.exe [27584 2013-08-26] (Quick Heal Technologies (P) Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Guardian AntiVirus\EMLPROXY.EXE [44136 2015-04-10] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Guardian AntiVirus\SAPISSVC.EXE [262568 2013-08-12] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Guardian AntiVirus\SAPISSVC.EXE [262568 2013-08-12] (Quick Heal Technologies (P) Ltd.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Online Protection System; C:\Program Files\Quick Heal\Guardian AntiVirus\opssvc.exe [34728 2013-08-12] (Quick Heal Technologies (P) Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Quick Update Service; C:\Program Files\Quick Heal\Guardian AntiVirus\quhlpsvc.exe [128104 2015-04-10] (Quick Heal Technologies (P) Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Guardian AntiVirus\SCANWSCS.EXE [319152 2015-04-10] (Quick Heal Technologies (P) Ltd.)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2008-12-01] (VMware, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-18] (Dell Inc.) [File not signed]
S2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [X]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [46824 2015-04-10] (Quick Heal Technologies (P) Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [270568 2015-04-10] (Quick Heal Technologies (P) Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [26344 2015-04-10] (Quick Heal Technologies (P) Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [61672 2014-04-28] (Quick Heal Technologies (P) Ltd.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [19032 2013-07-20] (Quick Heal Technologies (P) Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [73816 2013-09-07] (Quick Heal Technologies (P) Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [68328 2014-03-17] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [40536 2013-08-24] (Quick Heal Technologies (P) Ltd.)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [30832 2010-11-19] (VMware, Inc.)
R2 webssx; C:\Windows\System32\DRIVERS\webssx.sys [60648 2013-12-30] (Quick Heal Technologies (P) Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [73960 2014-05-19] (Quick Heal Technologies (P) Ltd.)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-10 22:49 - 2015-04-10 22:50 - 00026548 _____ () C:\Users\VISHRATNA\Downloads\Addition.txt
2015-04-10 22:47 - 2015-04-10 22:50 - 00012839 _____ () C:\Users\VISHRATNA\Downloads\FRST.txt
2015-04-10 22:46 - 2015-04-10 22:50 - 00000000 ____D () C:\FRST
2015-04-10 22:46 - 2015-04-10 22:46 - 02095616 _____ (Farbar) C:\Users\VISHRATNA\Downloads\FRST64.exe
2015-04-10 22:14 - 2015-04-10 22:14 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-10 22:14 - 2015-04-10 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-10 22:13 - 2015-04-10 22:18 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-10 22:13 - 2015-04-10 22:18 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-10 22:13 - 2015-04-10 22:13 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-10 22:13 - 2015-04-10 22:13 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-10 13:30 - 2015-04-10 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-10 13:28 - 2015-04-10 13:29 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\VISHRATNA\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-10 13:08 - 2015-04-10 13:08 - 00000000 ____D () C:\Program Files\McAfee
2015-04-10 12:56 - 2015-04-10 13:50 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-10 12:55 - 2015-04-10 12:56 - 08203864 _____ () C:\Users\VISHRATNA\Downloads\saSetup.exe
2015-04-10 11:53 - 2015-04-10 11:53 - 00046824 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\Arwflt.sys
2015-04-10 11:48 - 2015-04-10 11:48 - 00006305 _____ () C:\Windows\regact.dat
2015-04-10 11:47 - 2015-04-10 21:47 - 00000422 _____ () C:\Windows\Tasks\Resume Quickup Download.job
2015-04-10 11:47 - 2015-04-10 13:01 - 00000442 _____ () C:\Windows\Tasks\Guardian AntiMalware Scan.job
2015-04-10 11:47 - 2015-04-10 11:53 - 00270568 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bdsflt.sys
2015-04-10 11:47 - 2015-04-10 11:53 - 00026344 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bdsnm.sys
2015-04-10 11:47 - 2015-04-10 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guardian AntiVirus
2015-04-10 11:47 - 2015-04-10 11:47 - 00003520 _____ () C:\Windows\System32\Tasks\Guardian AntiMalware Scan
2015-04-10 11:47 - 2015-04-10 11:47 - 00003464 _____ () C:\Windows\System32\Tasks\Resume Quickup Download
2015-04-10 11:47 - 2014-05-19 16:45 - 00073960 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\wsnf.sys
2015-04-10 11:47 - 2014-03-17 16:45 - 00068328 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\llio.sys
2015-04-10 11:47 - 2013-12-30 14:51 - 00060648 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\webssx.sys
2015-04-10 11:47 - 2013-08-24 11:50 - 00040536 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\mscank.sys
2015-04-10 11:47 - 2013-07-20 20:57 - 00019032 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\EMLTDI.SYS
2015-04-10 11:46 - 2015-04-10 22:15 - 00000000 ____D () C:\Windows\system32\gprodat
2015-04-10 11:46 - 2015-04-10 11:46 - 00000000 ____D () C:\Program Files\Common Files\Quick Heal
2015-04-10 11:46 - 2013-09-07 11:59 - 00073816 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\ggc.sys
2015-04-10 11:40 - 2015-04-10 11:46 - 478086376 _____ (Quick Heal Technologies (P) Ltd.) C:\Users\VISHRATNA\Downloads\GUAR64.EXE
2015-04-10 11:15 - 2015-04-10 11:14 - 00001017 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2015-04-09 23:00 - 2015-04-09 23:00 - 02347384 _____ (ESET) C:\Users\VISHRATNA\Downloads\esetsmartinstaller_enu.exe
2015-04-09 22:56 - 2015-04-09 22:56 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\VISHRATNA\Downloads\SpyHunter-Installer (3).exe
2015-04-09 22:55 - 2015-04-09 22:56 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\VISHRATNA\Downloads\SpyHunter-Installer (2).exe
2015-04-09 22:54 - 2015-04-09 22:54 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\VISHRATNA\Downloads\spyhunter-installer (1).exe
2015-04-09 22:08 - 2015-04-09 22:08 - 00000000 _____ () C:\autoexec.bat
2015-04-09 22:05 - 2015-04-09 22:05 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\VISHRATNA\Downloads\SpyHunter-Installer.exe
2015-04-08 10:24 - 2015-04-08 10:24 - 00000107 _____ () C:\Windows\drvupdatesetup.log
2015-04-08 10:23 - 2015-04-08 10:23 - 21437144 _____ (Dell, Inc.) C:\Users\VISHRATNA\Downloads\DRVR_WIN_R278544.EXE
2015-04-08 10:23 - 2009-09-02 07:13 - 00131072 _____ (Dell, Inc.) C:\Windows\SysWOW64\DellSPMsg.dll
2015-04-03 10:45 - 2015-04-03 10:45 - 00003466 _____ () C:\Users\VISHRATNA\Downloads\133093452.htm
2015-04-02 15:48 - 2015-04-02 15:48 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-04-02 14:03 - 2015-04-02 14:04 - 02603176 _____ () C:\Users\VISHRATNA\Downloads\AdobeDownloadAssistant (2).exe
2015-04-02 14:03 - 2015-04-02 14:03 - 02603176 _____ () C:\Users\VISHRATNA\Downloads\AdobeDownloadAssistant (1).exe
2015-04-01 09:21 - 2015-04-09 13:06 - 00000000 ____D () C:\Users\VISHRATNA\Documents\April 2015 payments
2015-03-27 10:14 - 2015-03-27 10:14 - 00057005 _____ () C:\Users\VISHRATNA\Downloads\14141429572_AAAXXXXX2H_T16.zip
2015-03-20 14:50 - 2015-03-20 14:50 - 00089042 _____ () C:\Windows\sfxlst.dat
2015-03-18 17:26 - 2015-03-18 17:26 - 00000240 _____ () C:\Users\VISHRATNA\Downloads\Freddie_Awards_Updates.vcf
2015-03-11 11:28 - 2015-03-11 11:28 - 00056548 _____ () C:\Users\VISHRATNA\Downloads\14138881783-AAAxxxxx2H-G4.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-10 22:14 - 2012-10-27 13:07 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Local\Google
2015-04-10 22:14 - 2012-10-27 13:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-10 22:14 - 2009-07-14 10:43 - 00766576 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 22:14 - 2009-07-14 10:15 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 22:14 - 2009-07-14 10:15 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 22:13 - 2012-12-20 22:01 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Local\Deployment
2015-04-10 22:12 - 2012-10-28 00:56 - 01051671 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 22:11 - 2012-12-14 20:36 - 00004326 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{259A0401-48D5-4585-AC95-FCB4DE217569}
2015-04-10 22:09 - 2014-09-05 08:33 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-10 22:09 - 2013-07-17 07:29 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-10 22:09 - 2012-12-14 20:57 - 00000000 ____D () C:\ProgramData\VMware
2015-04-10 22:09 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 22:09 - 2009-07-14 10:21 - 00210600 _____ () C:\Windows\setupact.log
2015-04-10 22:09 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\tracing
2015-04-10 22:07 - 2012-10-27 12:54 - 04538910 _____ () C:\Windows\PFRO.log
2015-04-10 22:06 - 2013-07-20 18:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-10 21:57 - 2012-10-27 13:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-10 21:23 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\SchCache
2015-04-10 11:33 - 2013-02-28 10:58 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Roaming\PrimoPDF
2015-04-10 11:32 - 2012-10-27 12:52 - 00108840 _____ () C:\Users\VISHRATNA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-10 11:03 - 2009-07-14 10:15 - 00416080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-10 10:52 - 2012-10-27 12:30 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-10 10:52 - 2012-10-27 12:30 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-10 00:08 - 2012-10-27 13:02 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Roaming\vlc
2015-04-08 10:23 - 2012-10-27 12:48 - 00000000 ____D () C:\dell
2015-04-05 15:22 - 2009-07-14 10:38 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-02 14:20 - 2015-02-15 22:05 - 00000000 ____D () C:\Users\VISHRATNA\Downloads\Adobe Acrobat XI Pro
2015-04-02 10:11 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-30 12:58 - 2015-03-02 22:07 - 00000000 ____D () C:\Users\VISHRATNA\Documents\March 2015 payments
 
==================== Files in the root of some directories =======
 
2012-10-28 19:59 - 2012-11-14 20:45 - 0000308 _____ () C:\Users\VISHRATNA\AppData\Roaming\Rim.Desktop.Exception.log
2012-10-28 19:59 - 2012-10-28 19:59 - 0001153 _____ () C:\Users\VISHRATNA\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-10-28 19:59 - 2012-11-14 20:45 - 0000308 _____ () C:\Users\VISHRATNA\AppData\Roaming\Rim.DesktopHelper.Exception.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 20:28
 
==================== End Of Log ============================

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Quick Update Service; C:\Program Files\Quick Heal\Guardian AntiVirus\quhlpsvc.exe [128104 2015-04-10] (Quick Heal Technologies (P) Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Guardian AntiVirus\SCANWSCS.EXE [319152 2015-04-10] (Quick Heal Technologies (P) Ltd.)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2008-12-01] (VMware, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-18] (Dell Inc.) [File not signed]
S2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [X]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [46824 2015-04-10] (Quick Heal Technologies (P) Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [270568 2015-04-10] (Quick Heal Technologies (P) Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [26344 2015-04-10] (Quick Heal Technologies (P) Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [61672 2014-04-28] (Quick Heal Technologies (P) Ltd.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [19032 2013-07-20] (Quick Heal Technologies (P) Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [73816 2013-09-07] (Quick Heal Technologies (P) Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [68328 2014-03-17] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [40536 2013-08-24] (Quick Heal Technologies (P) Ltd.)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [30832 2010-11-19] (VMware, Inc.)
R2 webssx; C:\Windows\System32\DRIVERS\webssx.sys [60648 2013-12-30] (Quick Heal Technologies (P) Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [73960 2014-05-19] (Quick Heal Technologies (P) Ltd.)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-04] (ZTEMT Incorporated)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-10 22:49 - 2015-04-10 22:50 - 00026548 _____ () C:\Users\VISHRATNA\Downloads\Addition.txt
2015-04-10 22:47 - 2015-04-10 22:50 - 00012839 _____ () C:\Users\VISHRATNA\Downloads\FRST.txt
2015-04-10 22:46 - 2015-04-10 22:50 - 00000000 ____D () C:\FRST
2015-04-10 22:46 - 2015-04-10 22:46 - 02095616 _____ (Farbar) C:\Users\VISHRATNA\Downloads\FRST64.exe
2015-04-10 22:14 - 2015-04-10 22:14 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-10 22:14 - 2015-04-10 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-10 22:13 - 2015-04-10 22:18 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-10 22:13 - 2015-04-10 22:18 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-10 22:13 - 2015-04-10 22:13 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-10 22:13 - 2015-04-10 22:13 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-10 13:30 - 2015-04-10 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-10 13:28 - 2015-04-10 13:29 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\VISHRATNA\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-10 13:08 - 2015-04-10 13:08 - 00000000 ____D () C:\Program Files\McAfee
2015-04-10 12:56 - 2015-04-10 13:50 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-10 12:55 - 2015-04-10 12:56 - 08203864 _____ () C:\Users\VISHRATNA\Downloads\saSetup.exe
2015-04-10 11:53 - 2015-04-10 11:53 - 00046824 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\Arwflt.sys
2015-04-10 11:48 - 2015-04-10 11:48 - 00006305 _____ () C:\Windows\regact.dat
2015-04-10 11:47 - 2015-04-10 21:47 - 00000422 _____ () C:\Windows\Tasks\Resume Quickup Download.job
2015-04-10 11:47 - 2015-04-10 13:01 - 00000442 _____ () C:\Windows\Tasks\Guardian AntiMalware Scan.job
2015-04-10 11:47 - 2015-04-10 11:53 - 00270568 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bdsflt.sys
2015-04-10 11:47 - 2015-04-10 11:53 - 00026344 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bdsnm.sys
2015-04-10 11:47 - 2015-04-10 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guardian AntiVirus
2015-04-10 11:47 - 2015-04-10 11:47 - 00003520 _____ () C:\Windows\System32\Tasks\Guardian AntiMalware Scan
2015-04-10 11:47 - 2015-04-10 11:47 - 00003464 _____ () C:\Windows\System32\Tasks\Resume Quickup Download
2015-04-10 11:47 - 2014-05-19 16:45 - 00073960 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\wsnf.sys
2015-04-10 11:47 - 2014-03-17 16:45 - 00068328 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\llio.sys
2015-04-10 11:47 - 2013-12-30 14:51 - 00060648 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\webssx.sys
2015-04-10 11:47 - 2013-08-24 11:50 - 00040536 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\mscank.sys
2015-04-10 11:47 - 2013-07-20 20:57 - 00019032 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\EMLTDI.SYS
2015-04-10 11:46 - 2015-04-10 22:15 - 00000000 ____D () C:\Windows\system32\gprodat
2015-04-10 11:46 - 2015-04-10 11:46 - 00000000 ____D () C:\Program Files\Common Files\Quick Heal
2015-04-10 11:46 - 2013-09-07 11:59 - 00073816 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\ggc.sys
2015-04-10 11:40 - 2015-04-10 11:46 - 478086376 _____ (Quick Heal Technologies (P) Ltd.) C:\Users\VISHRATNA\Downloads\GUAR64.EXE
2015-04-10 11:15 - 2015-04-10 11:14 - 00001017 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2015-04-09 23:00 - 2015-04-09 23:00 - 02347384 _____ (ESET) C:\Users\VISHRATNA\Downloads\esetsmartinstaller_enu.exe
2015-04-09 22:56 - 2015-04-09 22:56 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\VISHRATNA\Downloads\SpyHunter-Installer (3).exe
2015-04-09 22:55 - 2015-04-09 22:56 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\VISHRATNA\Downloads\SpyHunter-Installer (2).exe
2015-04-09 22:54 - 2015-04-09 22:54 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\VISHRATNA\Downloads\spyhunter-installer (1).exe
2015-04-09 22:08 - 2015-04-09 22:08 - 00000000 _____ () C:\autoexec.bat
2015-04-09 22:05 - 2015-04-09 22:05 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\VISHRATNA\Downloads\SpyHunter-Installer.exe
2015-04-08 10:24 - 2015-04-08 10:24 - 00000107 _____ () C:\Windows\drvupdatesetup.log
2015-04-08 10:23 - 2015-04-08 10:23 - 21437144 _____ (Dell, Inc.) C:\Users\VISHRATNA\Downloads\DRVR_WIN_R278544.EXE
2015-04-08 10:23 - 2009-09-02 07:13 - 00131072 _____ (Dell, Inc.) C:\Windows\SysWOW64\DellSPMsg.dll
2015-04-03 10:45 - 2015-04-03 10:45 - 00003466 _____ () C:\Users\VISHRATNA\Downloads\133093452.htm
2015-04-02 15:48 - 2015-04-02 15:48 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-04-02 14:03 - 2015-04-02 14:04 - 02603176 _____ () C:\Users\VISHRATNA\Downloads\AdobeDownloadAssistant (2).exe
2015-04-02 14:03 - 2015-04-02 14:03 - 02603176 _____ () C:\Users\VISHRATNA\Downloads\AdobeDownloadAssistant (1).exe
2015-04-01 09:21 - 2015-04-09 13:06 - 00000000 ____D () C:\Users\VISHRATNA\Documents\April 2015 payments
2015-03-27 10:14 - 2015-03-27 10:14 - 00057005 _____ () C:\Users\VISHRATNA\Downloads\14141429572_AAAXXXXX2H_T16.zip
2015-03-20 14:50 - 2015-03-20 14:50 - 00089042 _____ () C:\Windows\sfxlst.dat
2015-03-18 17:26 - 2015-03-18 17:26 - 00000240 _____ () C:\Users\VISHRATNA\Downloads\Freddie_Awards_Updates.vcf
2015-03-11 11:28 - 2015-03-11 11:28 - 00056548 _____ () C:\Users\VISHRATNA\Downloads\14138881783-AAAxxxxx2H-G4.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-10 22:14 - 2012-10-27 13:07 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Local\Google
2015-04-10 22:14 - 2012-10-27 13:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-10 22:14 - 2009-07-14 10:43 - 00766576 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 22:14 - 2009-07-14 10:15 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 22:14 - 2009-07-14 10:15 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 22:13 - 2012-12-20 22:01 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Local\Deployment
2015-04-10 22:12 - 2012-10-28 00:56 - 01051671 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 22:11 - 2012-12-14 20:36 - 00004326 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{259A0401-48D5-4585-AC95-FCB4DE217569}
2015-04-10 22:09 - 2014-09-05 08:33 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-10 22:09 - 2013-07-17 07:29 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-10 22:09 - 2012-12-14 20:57 - 00000000 ____D () C:\ProgramData\VMware
2015-04-10 22:09 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 22:09 - 2009-07-14 10:21 - 00210600 _____ () C:\Windows\setupact.log
2015-04-10 22:09 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\tracing
2015-04-10 22:07 - 2012-10-27 12:54 - 04538910 _____ () C:\Windows\PFRO.log
2015-04-10 22:06 - 2013-07-20 18:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-10 21:57 - 2012-10-27 13:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-10 21:23 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\SchCache
2015-04-10 11:33 - 2013-02-28 10:58 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Roaming\PrimoPDF
2015-04-10 11:32 - 2012-10-27 12:52 - 00108840 _____ () C:\Users\VISHRATNA\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-10 11:03 - 2009-07-14 10:15 - 00416080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-10 10:52 - 2012-10-27 12:30 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-10 10:52 - 2012-10-27 12:30 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-10 00:08 - 2012-10-27 13:02 - 00000000 ____D () C:\Users\VISHRATNA\AppData\Roaming\vlc
2015-04-08 10:23 - 2012-10-27 12:48 - 00000000 ____D () C:\dell
2015-04-05 15:22 - 2009-07-14 10:38 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-02 14:20 - 2015-02-15 22:05 - 00000000 ____D () C:\Users\VISHRATNA\Downloads\Adobe Acrobat XI Pro
2015-04-02 10:11 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-30 12:58 - 2015-03-02 22:07 - 00000000 ____D () C:\Users\VISHRATNA\Documents\March 2015 payments
 
==================== Files in the root of some directories =======
 
2012-10-28 19:59 - 2012-11-14 20:45 - 0000308 _____ () C:\Users\VISHRATNA\AppData\Roaming\Rim.Desktop.Exception.log
2012-10-28 19:59 - 2012-10-28 19:59 - 0001153 _____ () C:\Users\VISHRATNA\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-10-28 19:59 - 2012-11-14 20:45 - 0000308 _____ () C:\Users\VISHRATNA\AppData\Roaming\Rim.DesktopHelper.Exception.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 20:28
 
==================== End Of Log ============================


#3 DESKTOPHELP


Posted 10 April 2015 - 12:34 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by VISHRATNA at 2015-04-10 22:50:56
Running from C:\Users\VISHRATNA\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Guardian AntiVirus 2014 (Enabled - Up to date) {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
AS: Guardian AntiVirus 2014 (Enabled - Up to date) {DB8FBA10-1533-A429-00B0-F3F913340A5B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Guardian Firewall (Enabled) {58D5DAD1-7966-AAFF-115F-61BE9660079D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.3.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.3 - Adobe Systems Incorporated)
airtel (HKLM-x32\...\airtel) (Version: 23.009.15.11.284 - Huawei Technologies Co.,Ltd)
Akamai NetSession Interface (HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AmiBroker 5.80.3 (HKLM-x32\...\AmiBroker_is1) (Version: 5.80 - AmiBroker.com)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
Dell System Detect (HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\...\9204f5692a8faf3b) (Version: 3.3.2.0 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guardian AntiVirus (HKLM\...\Guardian AntiVirus) (Version: 15.00 - Quick Heal Technologies Pvt. Ltd.)
Guardian AntiVirus (Version: 15.00 - Quick Heal) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
IIFL Trader Terminal (HKLM-x32\...\{6701BE65-01D4-483A-9F8F-8C6414CC7432}) (Version: 1.0.0 - IIFL)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2281 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
VLC media player 0.9.2 (HKLM-x32\...\VLC media player) (Version: 0.9.2 - VideoLAN Team)
VMware Workstation (HKLM-x32\...\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}) (Version: 6.5.5.15075 - VMware, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1918348328-2855527503-2645124431-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\VISHRATNA\AppData\Local\Workspace\wbetoolsax64.dll No File
 
==================== Restore Points  =========================
 
10-04-2015 22:05:27 Removed Skype Click to Call
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2015-04-10 22:15 - 00000347 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03345EB0-2B2C-46DE-AB28-D94C603C3F33} - System32\Tasks\{D4638F4E-9FAC-4802-B9D0-FB2D882A92F1} => pcalua.exe -a C:\Users\VISHRATNA\Downloads\NM30.EXE -d C:\Users\VISHRATNA\Downloads
Task: {0EEF3DE1-C4CB-443F-95D6-E8284BD1957A} - System32\Tasks\{CD69A329-A60A-4F77-8429-84F703922954} => D:\VMware.Workstation.v6.0.0.45731.and.ACE.Edition-ZWT_CRP\keygen\keygen.exe
Task: {162E4E3C-64D1-4BB6-9D4C-A810716FF3A7} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe
Task: {2DB4FE6F-D21A-423E-8D89-A7012B52247C} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Guardian AntiVirus\ACAPPAA.EXE [2014-02-04] (Quick Heal Technologies (P) Ltd.)
Task: {3A9FCC1D-848D-49A2-8F67-C668057E72DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {3E920A41-AB30-49FE-A816-7B00F9D59140} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {524EE6B3-2D7D-4430-B881-B45DC62760D1} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe
Task: {5927284F-19FF-48B5-9B3E-FDFBF696B083} - System32\Tasks\Guardian AntiMalware Scan => C:\Program Files\Quick Heal\Guardian AntiVirus\ASMAIN.EXE [2015-04-10] (Quick Heal Technologies (P) Ltd.)
Task: {7BB6B035-E86F-4EFC-9BE0-8E4AAFA50B3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {7C913766-FE0B-454F-A5B1-F4E4C95D2442} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Guardian AntiMalware Scan.job => C:\Program Files\Quick Heal\Guardian AntiVirus\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Guardian AntiVirus\ACAPPAA.EXE
 
==================== Loaded Modules (whitelisted) ==============
 
2014-05-18 13:20 - 2013-04-01 18:21 - 00178688 _____ () C:\Windows\System32\HP1005LM.DLL
2013-02-28 10:54 - 2009-12-21 07:12 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2014-05-18 13:20 - 2013-04-01 18:21 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1005PP.dll
2014-11-26 13:36 - 2013-10-30 20:08 - 00655216 _____ () C:\ProgramData\airtel\OnlineUpdate\ouc.exe
2015-04-10 11:53 - 2015-04-10 11:53 - 00025192 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\bdsres.dll
2014-08-26 16:02 - 2014-08-26 16:02 - 00069632 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\SCANAPI.DLL
2014-09-09 15:53 - 2015-04-10 22:13 - 01095168 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\scansdk.dll
2014-09-03 22:14 - 2015-04-10 22:13 - 00478720 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\platform.dll
2014-07-23 18:37 - 2015-04-10 22:13 - 00035328 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\filesdk.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00012800 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\DRVCOMM.DLL
2014-08-27 22:42 - 2015-04-10 22:13 - 00037888 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\mbfswrap.dll
2014-06-25 19:09 - 2015-04-10 22:13 - 00235008 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\disasm.dll
2011-03-14 20:57 - 2011-03-14 20:57 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2012-10-27 12:33 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-08-26 16:02 - 2014-08-26 16:02 - 00069632 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\scanapi.dll
2014-09-09 15:53 - 2015-04-10 22:13 - 00290816 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\scan.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00007680 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\VIRLIST.DLL
2014-06-09 10:38 - 2015-04-10 22:13 - 00274432 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\boot.dll
2014-08-16 19:25 - 2015-04-10 22:13 - 00417792 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\mltiscan.dll
2014-09-06 16:09 - 2015-04-10 22:13 - 00836096 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\pescan.dll
2014-09-13 21:43 - 2015-04-10 22:13 - 04409344 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\pepoly.dll
2014-08-31 00:36 - 2015-04-10 22:13 - 00403456 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\arcvsdk.dll
2014-09-08 11:56 - 2015-04-10 22:13 - 01290752 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\lzesdk.dll
2014-09-15 13:31 - 2015-04-10 22:13 - 07813632 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\heurscan.dll
2014-09-02 19:11 - 2015-04-10 22:13 - 00312320 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\bkdrscan.dll
2014-09-08 11:56 - 2015-04-10 22:13 - 00329728 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\dospoly.dll
2014-09-09 15:53 - 2015-04-10 22:13 - 00397312 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\vbsscan.dll
2014-09-13 21:43 - 2015-04-10 22:13 - 02424832 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\miscscan.dll
2014-09-09 15:53 - 2015-04-10 22:13 - 00121856 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\olesdk.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00008192 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\ARJSDK.DLL
2012-03-02 14:02 - 2012-03-02 14:02 - 00020992 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\UNARJ32.DLL
2014-07-29 13:50 - 2015-04-10 22:13 - 00140288 _____ () C:\Program Files\Quick Heal\Guardian AntiVirus\rarsdk.dll
2014-11-26 13:36 - 2013-10-30 20:05 - 00016344 _____ () C:\ProgramData\airtel\OnlineUpdate\mingwm10.dll
2014-11-26 13:36 - 2013-10-30 20:05 - 00047984 _____ () C:\ProgramData\airtel\OnlineUpdate\libgcc_s_dw2-1.dll
2014-11-26 13:36 - 2013-10-30 20:06 - 02422128 _____ () C:\ProgramData\airtel\OnlineUpdate\QtCore4.dll
2014-11-26 13:36 - 2013-10-30 20:07 - 01153392 _____ () C:\ProgramData\airtel\OnlineUpdate\QtNetwork4.dll
2014-11-26 13:36 - 2013-10-30 20:10 - 00844656 _____ () C:\ProgramData\airtel\OnlineUpdate\QueryStrategy.dll
2014-11-26 13:36 - 2013-10-30 20:07 - 00403312 _____ () C:\ProgramData\airtel\OnlineUpdate\QtXml4.dll
2010-11-19 23:17 - 2010-11-19 23:17 - 00970352 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2010-11-19 23:18 - 2010-11-19 23:18 - 00068720 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2015-04-10 22:14 - 2015-03-31 02:37 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-10 22:14 - 2015-03-31 02:37 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-10 22:14 - 2015-03-31 02:37 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-10 22:14 - 2015-03-31 02:37 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1918348328-2855527503-2645124431-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\VISHRATNA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\VISHRATNA\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: vmware-tray => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1918348328-2855527503-2645124431-500 - Administrator - Disabled)
Guest (S-1-5-21-1918348328-2855527503-2645124431-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1918348328-2855527503-2645124431-1002 - Limited - Enabled)
VISHRATNA (S-1-5-21-1918348328-2855527503-2645124431-1000 - Administrator - Enabled) => C:\Users\VISHRATNA
__vmware_user__ (S-1-5-21-1918348328-2855527503-2645124431-1006 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: mscank
Description: mscank
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mscank
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/10/2015 10:06:54 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (04/10/2015 00:58:57 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
 
Error: (04/10/2015 11:02:56 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
 
Error: (04/09/2015 11:01:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (04/09/2015 11:00:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (04/09/2015 10:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bcmwltry.exe, version: 5.100.235.13, time stamp: 0x4d2e744a
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdfe0
Exception code: 0xc000041d
Fault offset: 0x000000000000aa7d
Faulting process id: 0x580
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (04/09/2015 10:01:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {99b3813a-a092-498d-8406-d7d2f74cc8f9}
 
Error: (04/09/2015 05:43:10 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll (328) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 32Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
 
Possible long-running transaction:
 
SessionId: 0x00000000016904A0
 
Session-context: 0x00000000
 
Session-context ThreadId: 0x0000000000001308
 
Cleanup: 1
 
Error: (04/09/2015 05:42:11 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll (328) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 32Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
 
Possible long-running transaction:
 
SessionId: 0x00000000016904A0
 
Session-context: 0x00000000
 
Session-context ThreadId: 0x0000000000001308
 
Cleanup: 1
 
Error: (04/09/2015 11:11:06 AM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
 
System errors:
=============
Error: (04/10/2015 10:09:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The airtel. OUC service failed to start due to the following error: 
%%1053
 
Error: (04/10/2015 10:09:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the airtel. OUC service to connect.
 
Error: (04/10/2015 10:09:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Andrea ST Filters Service service failed to start due to the following error: 
%%2
 
Error: (04/10/2015 10:09:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audio Service service failed to start due to the following error: 
%%2
 
Error: (04/10/2015 10:09:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Anti-Ransomware Service service hung on starting.
 
Error: (04/10/2015 10:03:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (04/10/2015 09:24:53 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (04/10/2015 09:24:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The airtel. OUC service failed to start due to the following error: 
%%1053
 
Error: (04/10/2015 09:24:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the airtel. OUC service to connect.
 
Error: (04/10/2015 09:24:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Andrea ST Filters Service service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (08/01/2014 08:21:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 135 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 28%
Total physical RAM: 7989.85 MB
Available physical RAM: 5734.9 MB
Total Pagefile: 15977.85 MB
Available Pagefile: 13752.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:75.21 GB) (Free:7.76 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:73.74 GB) (Free:17 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: B8E7F5CC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 DESKTOPHELP

DESKTOPHELP
  • Topic Starter

  • Members
  • 4 posts
  • Gender:Male
  • Local time:03:43 AM

Posted 11 April 2015 - 11:25 AM

The issue is resolved. The Quick Heal guys were too good: they knew exactly where the problem was and went straight to the DNS server setting. It was pointing to a Malaysian server address, which was redirected and changed to my ISP's DNS server, and the things have all vanished.

There was no requirement of adware, malware, registry, all these things. The guy took remote control of the system and cleared it in 5 minutes. The previous antivirus team was not of any help.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:13 PM

Posted 12 April 2015 - 08:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



