google redirect virus



#1 sahil malhotra


Posted 21 May 2015 - 02:09 PM

Whenever I open any website on Google, after opening it, when I click on anything on it I get redirected to an entirely new website, generally a porn one. In the recent past I have tried several antiviruses like HitmanPro and Malwarebytes, and I even tried ComboFix today, but the problem remains. I have disabled IE, though I have original Win7, because I have low RAM, 2 GB.

Some of the links where I was redirected are:

  1. 12:02 AM
  2. 12:02 AM citymovies.info
  3. 12:02 AM 4porno.tv
  4. 12:02 AM bighot.ru

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by sahil (administrator) on SAHIL-HP on 21-05-2015 23:16:49
Running from C:\Users\sahil\Downloads
Loaded Profiles: sahil (Available profiles: sahil)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-02-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [170264 2012-03-30] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [398616 2012-03-30] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [439064 2012-03-30] (Intel Corporation)
HKLM-x32\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM-x32\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-02-28] (Intel Corporation)
HKLM-x32\...\Run: [S307M] => C:\Program Files (x86)\MTNL 3G Modem\Delhi\Resource\driver\MctlSuc.exe [113152 2011-12-20] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4262443793-2968545166-1396318449-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4262443793-2968545166-1396318449-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4262443793-2968545166-1396318449-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 37.48.127.131 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-10-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-10-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2014-03-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\sahil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @talk.google.com/O1DPlugin -> C:\Users\sahil\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @tools.google.com/Google Update;version=3 -> C:\Users\sahil\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @tools.google.com/Google Update;version=9 -> C:\Users\sahil\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: hp.com/HPDetect -> C:\Users\sahil\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Users\sahil\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\sahil\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Perion plugin) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Perion plugin) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27]
CHR Extension: (Google Wallet) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-28] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-04] (WildTangent)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-10-26] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-21] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-04] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-21] (Emsisoft GmbH)
S3 cmntusbser; C:\Windows\System32\DRIVERS\cmntusbser.sys [126592 2011-04-21] (Wireless Device)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-02-28] (Synaptics Incorporated)
S3 u343bus; C:\Windows\System32\DRIVERS\u343bus.sys [159304 2010-12-06] (MCCI Corporation)
S3 u343mdfl; C:\Windows\System32\DRIVERS\u343mdfl.sys [19016 2010-12-06] (MCCI Corporation)
S3 u343mdm; C:\Windows\System32\DRIVERS\u343mdm.sys [179272 2010-12-06] (MCCI Corporation)
S3 u343mgmt; C:\Windows\System32\DRIVERS\u343mgmt.sys [160328 2010-12-06] (MCCI Corporation)
S3 u343nn62; C:\Windows\System32\DRIVERS\u343nn62.sys [38984 2010-12-06] (MCCI Corporation)
S3 u343nu; C:\Windows\System32\DRIVERS\u343nu.sys [192584 2010-12-06] (MCCI Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 23:16 - 2015-05-21 23:17 - 00020005 _____ () C:\Users\sahil\Downloads\FRST.txt
2015-05-21 23:16 - 2015-05-21 23:17 - 00000000 ____D () C:\FRST
2015-05-21 23:14 - 2015-05-21 23:16 - 02108416 _____ (Farbar) C:\Users\sahil\Downloads\FRST64.exe
2015-05-21 22:28 - 2015-05-21 22:28 - 00029317 _____ () C:\ComboFix.txt
2015-05-21 21:48 - 2015-05-21 22:28 - 00000000 ____D () C:\Qoobox
2015-05-21 21:48 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-21 21:48 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-21 21:48 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe
2015-05-21 21:47 - 2015-05-21 22:26 - 00000000 ____D () C:\Windows\erdnt
2015-05-21 21:32 - 2015-05-21 21:41 - 05627500 ____R (Swearware) C:\Users\sahil\Downloads\ComboFix.exe
2015-05-20 01:18 - 2015-03-14 08:51 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-20 01:18 - 2015-03-14 08:51 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-20 01:18 - 2015-03-14 08:34 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-20 01:18 - 2015-03-14 08:34 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-18 22:14 - 2015-05-18 22:14 - 00189320 _____ (Kaspersky Lab) C:\Users\sahil\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6222.exe
2015-05-18 22:06 - 2015-04-21 23:00 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\sahil\Desktop\tdsskiller.exe
2015-05-18 20:39 - 2015-05-21 12:37 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForsahil
2015-05-16 22:54 - 2015-05-21 22:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForsahil.job
2015-05-14 16:21 - 2015-05-14 16:21 - 00000000 ____D () C:\Windows\Temp9D87135D-C587-F581-6A22-D0026C5098FB-Signatures
2015-05-14 16:08 - 2015-05-01 18:47 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:07 - 2015-05-01 18:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 14:12 - 2015-05-14 14:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-14 13:53 - 2015-05-14 13:53 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-05-14 13:50 - 2015-05-14 13:50 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-13 23:10 - 2015-04-22 07:58 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 23:10 - 2015-04-22 07:18 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 23:10 - 2015-04-21 22:44 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 23:10 - 2015-04-21 22:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 23:10 - 2015-04-21 22:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 23:10 - 2015-04-21 22:21 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 23:10 - 2015-04-21 22:20 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 23:10 - 2015-04-21 22:20 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 23:10 - 2015-04-21 22:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 23:10 - 2015-04-21 22:19 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 23:10 - 2015-04-21 22:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 23:10 - 2015-04-21 22:11 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 23:10 - 2015-04-21 22:10 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 23:10 - 2015-04-21 22:07 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 23:10 - 2015-04-21 22:05 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 23:10 - 2015-04-21 22:05 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 23:10 - 2015-04-21 22:05 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 23:10 - 2015-04-21 22:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 23:10 - 2015-04-21 22:01 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 23:10 - 2015-04-21 21:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 23:10 - 2015-04-21 21:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 23:10 - 2015-04-21 21:54 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 23:10 - 2015-04-21 21:52 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 23:10 - 2015-04-21 21:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 23:10 - 2015-04-21 21:41 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 23:10 - 2015-04-21 21:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 23:10 - 2015-04-21 21:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 23:10 - 2015-04-21 21:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 23:10 - 2015-04-21 21:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 23:10 - 2015-04-21 21:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 23:10 - 2015-04-21 21:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 23:10 - 2015-04-21 21:35 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 23:10 - 2015-04-21 21:34 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 23:10 - 2015-04-21 21:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 23:10 - 2015-04-21 21:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 23:10 - 2015-04-21 21:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 23:10 - 2015-04-21 21:28 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 23:10 - 2015-04-21 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 23:10 - 2015-04-21 21:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 23:10 - 2015-04-21 21:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 23:10 - 2015-04-21 21:19 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 23:10 - 2015-04-21 21:18 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 23:10 - 2015-04-21 21:17 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 23:10 - 2015-04-21 21:16 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 23:10 - 2015-04-21 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 23:10 - 2015-04-21 21:10 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 23:10 - 2015-04-21 21:09 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 23:10 - 2015-04-21 21:08 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 23:10 - 2015-04-21 21:06 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 23:10 - 2015-04-21 21:01 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 23:10 - 2015-04-21 20:57 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 23:10 - 2015-04-21 20:56 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 23:10 - 2015-04-21 20:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 23:10 - 2015-04-21 20:54 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 23:10 - 2015-04-21 20:47 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 23:10 - 2015-04-21 20:45 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 23:10 - 2015-04-21 20:33 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 23:10 - 2015-04-21 20:32 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 23:10 - 2015-04-21 20:28 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 23:10 - 2015-04-21 20:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 22:42 - 2015-04-28 00:58 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 22:42 - 2015-04-28 00:58 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 22:42 - 2015-04-28 00:58 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 22:42 - 2015-04-28 00:56 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 22:42 - 2015-04-28 00:52 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 22:42 - 2015-04-28 00:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 22:42 - 2015-04-28 00:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 22:42 - 2015-04-28 00:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:41 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 22:42 - 2015-04-28 00:41 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 22:42 - 2015-04-28 00:38 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 22:42 - 2015-04-28 00:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 22:42 - 2015-04-28 00:34 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 22:42 - 2015-04-28 00:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 22:42 - 2015-04-28 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 22:42 - 2015-04-28 00:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 22:42 - 2015-04-28 00:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 22:42 - 2015-04-28 00:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:36 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 22:42 - 2015-04-27 23:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 22:42 - 2015-04-27 23:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 22:42 - 2015-04-27 23:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 22:42 - 2015-04-13 08:58 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 22:38 - 2015-05-05 06:59 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 22:38 - 2015-05-05 06:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 22:38 - 2015-04-18 08:40 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 22:38 - 2015-04-18 08:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 22:27 - 2015-04-20 08:47 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 22:27 - 2015-04-20 08:47 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 22:27 - 2015-04-20 08:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 22:27 - 2015-04-20 07:41 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 22:27 - 2015-04-08 08:59 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 22:27 - 2015-04-08 08:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 22:25 - 2015-01-29 08:49 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 22:25 - 2015-01-29 08:32 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 22:22 - 2015-02-18 12:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 22:22 - 2015-02-18 12:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 22:21 - 2015-03-04 10:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 22:21 - 2015-03-04 10:11 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 22:21 - 2015-03-04 10:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 22:21 - 2015-03-04 10:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 22:21 - 2015-03-04 09:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 22:21 - 2015-03-04 09:40 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 22:21 - 2015-03-04 09:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-04-30 01:47 - 2015-04-30 01:47 - 00000000 ____D () C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2015-04-30 01:35 - 2015-04-30 01:44 - 37602760 _____ (Hewlett-Packard ) C:\Users\sahil\Downloads\sp68201.exe
2015-04-30 01:21 - 2015-04-30 01:21 - 00000000 ____D () C:\MATS
2015-04-27 13:19 - 2015-04-27 13:19 - 00000000 _____ () C:\Windows\SysWOW64\sho5C24.tmp
2015-04-26 01:17 - 2015-04-26 01:17 - 00280448 _____ () C:\Windows\Minidump\042615-18205-01.dmp
2015-04-23 14:32 - 2015-04-23 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MMX310G 3G USB Manager
2015-04-23 14:32 - 2015-04-23 14:32 - 00000000 ____D () C:\Program Files (x86)\MMX310G 3G USB Manager
2015-04-23 14:32 - 2011-04-21 13:13 - 00126592 _____ (Wireless Device) C:\Windows\system32\Drivers\cmntusbser.sys
2015-04-22 22:59 - 2015-04-22 23:55 - 00000000 ____D () C:\Users\sahil\Desktop\registry
2015-04-22 21:09 - 2015-04-22 21:09 - 00000000 _____ () C:\autoexec.bat
2015-04-22 11:36 - 2015-04-22 11:36 - 00000000 ____D () C:\Users\sahil\AppData\Roaming\Mozilla
2015-04-22 01:37 - 2015-04-22 09:35 - 00000000 ____D () C:\EEK
2015-04-22 01:02 - 2015-04-22 01:31 - 00000000 ____D () C:\AdwCleaner
2015-04-22 01:01 - 2015-04-22 01:01 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-04-22 00:07 - 2015-04-22 01:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-21 23:22 - 2015-04-21 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 23:17 - 2012-06-19 09:16 - 01667792 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 22:42 - 2014-01-06 21:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000UA.job
2015-05-21 22:41 - 2009-07-14 10:15 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 22:41 - 2009-07-14 10:15 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 22:33 - 2012-06-19 09:26 - 00059144 _____ () C:\Users\sahil\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-21 22:29 - 2012-02-05 04:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 22:28 - 2009-07-14 10:43 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 22:28 - 2009-07-14 08:50 - 00000000 __RHD () C:\Users\Default
2015-05-21 22:22 - 2009-07-14 08:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-21 22:21 - 2012-12-02 22:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 22:21 - 2010-11-21 09:17 - 00681806 _____ () C:\Windows\PFRO.log
2015-05-21 22:21 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 22:21 - 2009-07-14 10:21 - 00186082 _____ () C:\Windows\setupact.log
2015-05-21 22:21 - 2009-07-14 08:04 - 72351744 _____ () C:\Windows\system32\config\software.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 49545216 _____ () C:\Windows\system32\config\components.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 18612224 _____ () C:\Windows\system32\config\system.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-21 22:20 - 2012-06-19 09:21 - 00000000 ____D () C:\Users\sahil\AppData\Roaming\SoftGrid Client
2015-05-21 20:42 - 2014-01-06 21:11 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000Core.job
2015-05-21 12:53 - 2015-03-17 00:17 - 00000000 ____D () C:\Users\sahil\Downloads\RAMMap
2015-05-21 12:40 - 2012-06-19 09:19 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1682CD73-24B0-436C-B314-452B3964C651}
2015-05-21 12:37 - 2012-06-19 09:16 - 00000000 ____D () C:\Users\sahil
2015-05-20 21:58 - 2012-06-20 22:23 - 00000000 ____D () C:\Users\sahil\AppData\Local\CrashDumps
2015-05-20 21:57 - 2009-07-14 10:38 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-20 20:13 - 2012-11-08 21:20 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSAHIL-HP$
2015-05-20 20:13 - 2012-11-08 21:20 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForSAHIL-HP$.job
2015-05-20 01:29 - 2015-04-05 01:09 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 01:29 - 2015-04-05 01:09 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 20:37 - 2014-01-06 21:11 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000UA
2015-05-18 20:37 - 2014-01-06 21:11 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000Core
2015-05-18 11:28 - 2012-12-02 22:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 11:28 - 2012-12-02 22:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 11:28 - 2012-12-02 22:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 00:12 - 2015-01-08 01:04 - 00000000 ____D () C:\Users\sahil\Desktop\IDSA
2015-05-14 22:10 - 2012-06-19 09:26 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-14 22:10 - 2012-06-19 09:25 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 22:09 - 2013-08-16 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 22:09 - 2012-06-27 15:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-14 22:09 - 2012-06-19 09:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-14 17:27 - 2009-07-14 10:39 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-14 17:23 - 2013-12-05 14:11 - 00000258 __RSH () C:\Users\sahil\ntuser.pol
2015-05-14 17:22 - 2009-07-14 10:15 - 00272016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 17:21 - 2013-03-15 22:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 17:21 - 2013-03-15 22:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 17:17 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 16:33 - 2012-06-19 09:21 - 00791792 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-14 16:33 - 2012-06-19 09:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-14 16:07 - 2013-03-15 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 13:53 - 2012-02-05 04:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-01 22:30 - 2012-06-27 15:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-30 10:35 - 2014-04-23 16:17 - 00002577 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2015-04-30 10:07 - 2012-06-27 15:30 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-30 02:06 - 2012-02-05 04:38 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-04-30 02:05 - 2011-02-11 00:53 - 00000000 ____D () C:\SWSetup
2015-04-30 01:54 - 2012-02-05 05:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-04-30 01:53 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\Help
2015-04-30 01:49 - 2012-02-05 05:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-30 01:48 - 2012-02-05 04:54 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-30 01:21 - 2011-10-13 06:27 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-27 13:26 - 2014-06-29 14:24 - 00007599 _____ () C:\Users\sahil\AppData\Local\resmon.resmoncfg
2015-04-27 13:18 - 2015-01-20 22:07 - 00000000 ____D () C:\Windows\pss
2015-04-26 01:17 - 2014-06-24 00:13 - 310611516 _____ () C:\Windows\MEMORY.DMP
2015-04-26 01:17 - 2014-06-24 00:13 - 00000000 ____D () C:\Windows\Minidump
2015-04-25 16:03 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-25 15:59 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\AppCompat
2015-04-23 14:34 - 2012-06-21 15:27 - 00011248 _____ () C:\Windows\DCSetup.LOG
 
==================== Files in the root of some directories =======
 
2012-12-10 21:57 - 2012-12-10 21:57 - 0000288 _____ () C:\Users\sahil\AppData\Roaming\.backup.dm
2014-06-29 14:24 - 2015-04-27 13:26 - 0007599 _____ () C:\Users\sahil\AppData\Local\resmon.resmoncfg
 
Files to move or delete:
====================
C:\Users\sahil\data.x.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-16 13:43
 
==================== End of log ============================




#2 sahil malhotra

  • Topic Starter
Posted 21 May 2015 - 02:12 PM

       dgd

Attached Files



#3 sahil malhotra

  • Topic Starter
Posted 21 May 2015 - 02:14 PM

Whenever I open any website on Google, after opening it, when I click on anything on it I get redirected to an entirely new website, generally a porn one. In the recent past I have tried several antiviruses like HitmanPro and Malwarebytes, and I even tried ComboFix today, but the problem remains there. I have disabled IE, though I have original Win7, because I have low RAM, 2 GB.

Some of the links where I was redirected to are:

  1. 12:02 AM
  2. 12:02 AM citymovies.info
  3. 12:02 AM 4porno.tv
  4. 12:02 AM bighot.ru

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by sahil (administrator) on SAHIL-HP on 21-05-2015 23:16:49
Running from C:\Users\sahil\Downloads
Loaded Profiles: sahil (Available profiles: sahil)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-02-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [170264 2012-03-30] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [398616 2012-03-30] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [439064 2012-03-30] (Intel Corporation)
HKLM-x32\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM-x32\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-02-28] (Intel Corporation)
HKLM-x32\...\Run: [S307M] => C:\Program Files (x86)\MTNL 3G Modem\Delhi\Resource\driver\MctlSuc.exe [113152 2011-12-20] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4262443793-2968545166-1396318449-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4262443793-2968545166-1396318449-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4262443793-2968545166-1396318449-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 37.48.127.131 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-10-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-10-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2014-03-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\sahil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @talk.google.com/O1DPlugin -> C:\Users\sahil\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @tools.google.com/Google Update;version=3 -> C:\Users\sahil\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @tools.google.com/Google Update;version=9 -> C:\Users\sahil\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: hp.com/HPDetect -> C:\Users\sahil\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Users\sahil\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\sahil\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Perion plugin) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Perion plugin) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27]
CHR Extension: (Google Wallet) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-28] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-04] (WildTangent)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-10-26] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-21] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-04] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-21] (Emsisoft GmbH)
S3 cmntusbser; C:\Windows\System32\DRIVERS\cmntusbser.sys [126592 2011-04-21] (Wireless Device)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-02-28] (Synaptics Incorporated)
S3 u343bus; C:\Windows\System32\DRIVERS\u343bus.sys [159304 2010-12-06] (MCCI Corporation)
S3 u343mdfl; C:\Windows\System32\DRIVERS\u343mdfl.sys [19016 2010-12-06] (MCCI Corporation)
S3 u343mdm; C:\Windows\System32\DRIVERS\u343mdm.sys [179272 2010-12-06] (MCCI Corporation)
S3 u343mgmt; C:\Windows\System32\DRIVERS\u343mgmt.sys [160328 2010-12-06] (MCCI Corporation)
S3 u343nn62; C:\Windows\System32\DRIVERS\u343nn62.sys [38984 2010-12-06] (MCCI Corporation)
S3 u343nu; C:\Windows\System32\DRIVERS\u343nu.sys [192584 2010-12-06] (MCCI Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 23:16 - 2015-05-21 23:17 - 00020005 _____ () C:\Users\sahil\Downloads\FRST.txt
2015-05-21 23:16 - 2015-05-21 23:17 - 00000000 ____D () C:\FRST
2015-05-21 23:14 - 2015-05-21 23:16 - 02108416 _____ (Farbar) C:\Users\sahil\Downloads\FRST64.exe
2015-05-21 22:28 - 2015-05-21 22:28 - 00029317 _____ () C:\ComboFix.txt
2015-05-21 21:48 - 2015-05-21 22:28 - 00000000 ____D () C:\Qoobox
2015-05-21 21:48 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-21 21:48 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-21 21:48 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe
2015-05-21 21:47 - 2015-05-21 22:26 - 00000000 ____D () C:\Windows\erdnt
2015-05-21 21:32 - 2015-05-21 21:41 - 05627500 ____R (Swearware) C:\Users\sahil\Downloads\ComboFix.exe
2015-05-20 01:18 - 2015-03-14 08:51 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-20 01:18 - 2015-03-14 08:51 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-20 01:18 - 2015-03-14 08:34 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-20 01:18 - 2015-03-14 08:34 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-18 22:14 - 2015-05-18 22:14 - 00189320 _____ (Kaspersky Lab) C:\Users\sahil\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6222.exe
2015-05-18 22:06 - 2015-04-21 23:00 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\sahil\Desktop\tdsskiller.exe
2015-05-18 20:39 - 2015-05-21 12:37 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForsahil
2015-05-16 22:54 - 2015-05-21 22:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForsahil.job
2015-05-14 16:21 - 2015-05-14 16:21 - 00000000 ____D () C:\Windows\Temp9D87135D-C587-F581-6A22-D0026C5098FB-Signatures
2015-05-14 16:08 - 2015-05-01 18:47 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:07 - 2015-05-01 18:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 14:12 - 2015-05-14 14:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-14 13:53 - 2015-05-14 13:53 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-05-14 13:50 - 2015-05-14 13:50 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-13 23:10 - 2015-04-22 07:58 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 23:10 - 2015-04-22 07:18 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 23:10 - 2015-04-21 22:44 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 23:10 - 2015-04-21 22:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 23:10 - 2015-04-21 22:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 23:10 - 2015-04-21 22:21 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 23:10 - 2015-04-21 22:20 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 23:10 - 2015-04-21 22:20 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 23:10 - 2015-04-21 22:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 23:10 - 2015-04-21 22:19 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 23:10 - 2015-04-21 22:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 23:10 - 2015-04-21 22:11 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 23:10 - 2015-04-21 22:10 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 23:10 - 2015-04-21 22:07 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 23:10 - 2015-04-21 22:05 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 23:10 - 2015-04-21 22:05 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 23:10 - 2015-04-21 22:05 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 23:10 - 2015-04-21 22:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 23:10 - 2015-04-21 22:01 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 23:10 - 2015-04-21 21:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 23:10 - 2015-04-21 21:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 23:10 - 2015-04-21 21:54 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 23:10 - 2015-04-21 21:52 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 23:10 - 2015-04-21 21:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 23:10 - 2015-04-21 21:41 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 23:10 - 2015-04-21 21:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 23:10 - 2015-04-21 21:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 23:10 - 2015-04-21 21:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 23:10 - 2015-04-21 21:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 23:10 - 2015-04-21 21:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 23:10 - 2015-04-21 21:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 23:10 - 2015-04-21 21:35 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 23:10 - 2015-04-21 21:34 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 23:10 - 2015-04-21 21:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 23:10 - 2015-04-21 21:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 23:10 - 2015-04-21 21:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 23:10 - 2015-04-21 21:28 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 23:10 - 2015-04-21 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 23:10 - 2015-04-21 21:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 23:10 - 2015-04-21 21:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 23:10 - 2015-04-21 21:19 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 23:10 - 2015-04-21 21:18 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 23:10 - 2015-04-21 21:17 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 23:10 - 2015-04-21 21:16 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 23:10 - 2015-04-21 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 23:10 - 2015-04-21 21:10 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 23:10 - 2015-04-21 21:09 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 23:10 - 2015-04-21 21:08 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 23:10 - 2015-04-21 21:06 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 23:10 - 2015-04-21 21:01 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 23:10 - 2015-04-21 20:57 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 23:10 - 2015-04-21 20:56 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 23:10 - 2015-04-21 20:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 23:10 - 2015-04-21 20:54 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 23:10 - 2015-04-21 20:47 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 23:10 - 2015-04-21 20:45 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 23:10 - 2015-04-21 20:33 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 23:10 - 2015-04-21 20:32 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 23:10 - 2015-04-21 20:28 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 23:10 - 2015-04-21 20:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 22:42 - 2015-04-28 00:58 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 22:42 - 2015-04-28 00:58 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 22:42 - 2015-04-28 00:58 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 22:42 - 2015-04-28 00:56 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 22:42 - 2015-04-28 00:52 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 22:42 - 2015-04-28 00:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 22:42 - 2015-04-28 00:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 22:42 - 2015-04-28 00:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:41 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 22:42 - 2015-04-28 00:41 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 22:42 - 2015-04-28 00:38 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 22:42 - 2015-04-28 00:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 22:42 - 2015-04-28 00:34 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 22:42 - 2015-04-28 00:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 22:42 - 2015-04-28 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 22:42 - 2015-04-28 00:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 22:42 - 2015-04-28 00:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 22:42 - 2015-04-28 00:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:36 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 22:42 - 2015-04-27 23:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 22:42 - 2015-04-27 23:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 22:42 - 2015-04-27 23:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 22:42 - 2015-04-13 08:58 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 22:38 - 2015-05-05 06:59 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 22:38 - 2015-05-05 06:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 22:38 - 2015-04-18 08:40 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 22:38 - 2015-04-18 08:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 22:27 - 2015-04-20 08:47 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 22:27 - 2015-04-20 08:47 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 22:27 - 2015-04-20 08:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 22:27 - 2015-04-20 07:41 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 22:27 - 2015-04-08 08:59 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 22:27 - 2015-04-08 08:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 22:25 - 2015-01-29 08:49 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 22:25 - 2015-01-29 08:32 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 22:22 - 2015-02-18 12:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 22:22 - 2015-02-18 12:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 22:21 - 2015-03-04 10:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 22:21 - 2015-03-04 10:11 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 22:21 - 2015-03-04 10:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 22:21 - 2015-03-04 10:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 22:21 - 2015-03-04 09:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 22:21 - 2015-03-04 09:40 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 22:21 - 2015-03-04 09:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-04-30 01:47 - 2015-04-30 01:47 - 00000000 ____D () C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2015-04-30 01:35 - 2015-04-30 01:44 - 37602760 _____ (Hewlett-Packard ) C:\Users\sahil\Downloads\sp68201.exe
2015-04-30 01:21 - 2015-04-30 01:21 - 00000000 ____D () C:\MATS
2015-04-27 13:19 - 2015-04-27 13:19 - 00000000 _____ () C:\Windows\SysWOW64\sho5C24.tmp
2015-04-26 01:17 - 2015-04-26 01:17 - 00280448 _____ () C:\Windows\Minidump\042615-18205-01.dmp
2015-04-23 14:32 - 2015-04-23 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MMX310G 3G USB Manager
2015-04-23 14:32 - 2015-04-23 14:32 - 00000000 ____D () C:\Program Files (x86)\MMX310G 3G USB Manager
2015-04-23 14:32 - 2011-04-21 13:13 - 00126592 _____ (Wireless Device) C:\Windows\system32\Drivers\cmntusbser.sys
2015-04-22 22:59 - 2015-04-22 23:55 - 00000000 ____D () C:\Users\sahil\Desktop\registry
2015-04-22 21:09 - 2015-04-22 21:09 - 00000000 _____ () C:\autoexec.bat
2015-04-22 11:36 - 2015-04-22 11:36 - 00000000 ____D () C:\Users\sahil\AppData\Roaming\Mozilla
2015-04-22 01:37 - 2015-04-22 09:35 - 00000000 ____D () C:\EEK
2015-04-22 01:02 - 2015-04-22 01:31 - 00000000 ____D () C:\AdwCleaner
2015-04-22 01:01 - 2015-04-22 01:01 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-04-22 00:07 - 2015-04-22 01:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-21 23:22 - 2015-04-21 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 23:17 - 2012-06-19 09:16 - 01667792 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 22:42 - 2014-01-06 21:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000UA.job
2015-05-21 22:41 - 2009-07-14 10:15 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 22:41 - 2009-07-14 10:15 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 22:33 - 2012-06-19 09:26 - 00059144 _____ () C:\Users\sahil\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-21 22:29 - 2012-02-05 04:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 22:28 - 2009-07-14 10:43 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 22:28 - 2009-07-14 08:50 - 00000000 __RHD () C:\Users\Default
2015-05-21 22:22 - 2009-07-14 08:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-21 22:21 - 2012-12-02 22:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 22:21 - 2010-11-21 09:17 - 00681806 _____ () C:\Windows\PFRO.log
2015-05-21 22:21 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 22:21 - 2009-07-14 10:21 - 00186082 _____ () C:\Windows\setupact.log
2015-05-21 22:21 - 2009-07-14 08:04 - 72351744 _____ () C:\Windows\system32\config\software.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 49545216 _____ () C:\Windows\system32\config\components.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 18612224 _____ () C:\Windows\system32\config\system.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-21 22:20 - 2012-06-19 09:21 - 00000000 ____D () C:\Users\sahil\AppData\Roaming\SoftGrid Client
2015-05-21 20:42 - 2014-01-06 21:11 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000Core.job
2015-05-21 12:53 - 2015-03-17 00:17 - 00000000 ____D () C:\Users\sahil\Downloads\RAMMap
2015-05-21 12:40 - 2012-06-19 09:19 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1682CD73-24B0-436C-B314-452B3964C651}
2015-05-21 12:37 - 2012-06-19 09:16 - 00000000 ____D () C:\Users\sahil
2015-05-20 21:58 - 2012-06-20 22:23 - 00000000 ____D () C:\Users\sahil\AppData\Local\CrashDumps
2015-05-20 21:57 - 2009-07-14 10:38 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-20 20:13 - 2012-11-08 21:20 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSAHIL-HP$
2015-05-20 20:13 - 2012-11-08 21:20 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForSAHIL-HP$.job
2015-05-20 01:29 - 2015-04-05 01:09 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 01:29 - 2015-04-05 01:09 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 20:37 - 2014-01-06 21:11 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000UA
2015-05-18 20:37 - 2014-01-06 21:11 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000Core
2015-05-18 11:28 - 2012-12-02 22:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 11:28 - 2012-12-02 22:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 11:28 - 2012-12-02 22:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 00:12 - 2015-01-08 01:04 - 00000000 ____D () C:\Users\sahil\Desktop\IDSA
2015-05-14 22:10 - 2012-06-19 09:26 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-14 22:10 - 2012-06-19 09:25 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 22:09 - 2013-08-16 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 22:09 - 2012-06-27 15:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-14 22:09 - 2012-06-19 09:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-14 17:27 - 2009-07-14 10:39 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-14 17:23 - 2013-12-05 14:11 - 00000258 __RSH () C:\Users\sahil\ntuser.pol
2015-05-14 17:22 - 2009-07-14 10:15 - 00272016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 17:21 - 2013-03-15 22:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 17:21 - 2013-03-15 22:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 17:17 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 16:33 - 2012-06-19 09:21 - 00791792 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-14 16:33 - 2012-06-19 09:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-14 16:07 - 2013-03-15 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 13:53 - 2012-02-05 04:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-01 22:30 - 2012-06-27 15:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-30 10:35 - 2014-04-23 16:17 - 00002577 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2015-04-30 10:07 - 2012-06-27 15:30 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-30 02:06 - 2012-02-05 04:38 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-04-30 02:05 - 2011-02-11 00:53 - 00000000 ____D () C:\SWSetup
2015-04-30 01:54 - 2012-02-05 05:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-04-30 01:53 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\Help
2015-04-30 01:49 - 2012-02-05 05:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-30 01:48 - 2012-02-05 04:54 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-30 01:21 - 2011-10-13 06:27 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-27 13:26 - 2014-06-29 14:24 - 00007599 _____ () C:\Users\sahil\AppData\Local\resmon.resmoncfg
2015-04-27 13:18 - 2015-01-20 22:07 - 00000000 ____D () C:\Windows\pss
2015-04-26 01:17 - 2014-06-24 00:13 - 310611516 _____ () C:\Windows\MEMORY.DMP
2015-04-26 01:17 - 2014-06-24 00:13 - 00000000 ____D () C:\Windows\Minidump
2015-04-25 16:03 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-25 15:59 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\AppCompat
2015-04-23 14:34 - 2012-06-21 15:27 - 00011248 _____ () C:\Windows\DCSetup.LOG
 
==================== Files in the root of some directories =======
 
2012-12-10 21:57 - 2012-12-10 21:57 - 0000288 _____ () C:\Users\sahil\AppData\Roaming\.backup.dm
2014-06-29 14:24 - 2015-04-27 13:26 - 0007599 _____ () C:\Users\sahil\AppData\Local\resmon.resmoncfg
 
Files to move or delete:
====================
C:\Users\sahil\data.x.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-16 13:43
 
==================== End of log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:23 PM

Posted 24 May 2015 - 12:32 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-4262443793-2968545166-1396318449-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Perion plugin) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Perion plugin) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Please run the AdwCleaner tool and, if prompted to install the new version, do so.
Run the application and post the log.

===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

If the problem persists, reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

How is the computer running now?

#5 sahil malhotra

sahil malhotra
  • Topic Starter

  • Members
  • 19 posts
  • Local time:03:53 AM

Posted 24 May 2015 - 01:10 PM

Thank you very much sir, I was eagerly waiting for your reply :)

 

Fixlog result

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by sahil at 2015-05-24 23:18:50 Run:1
Running from C:\Users\sahil\Downloads
Loaded Profiles: sahil (Available profiles: sahil)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-4262443793-2968545166-1396318449-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (Native Client) - C:\Program Files
(x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Perion plugin) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Perion plugin) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In)
- c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. 
"HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key Deleted successfully.
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found. 
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value Deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0" => Key Deleted successfully.
CHR Plugin: (Native Client) - C:\Program Files not found.
(x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll not found.
C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll not found.
C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll not found.
C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
- c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File => Error: No automatic fix found for this entry.
catchme => Service Deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:20:33 ====
 
 
 
Sir, I did a few scans with different anti-virus software after following one of the articles posted on your site. These were done today in the morning before running what you have suggested above. Please guide me if I need to scan again.
 
# AdwCleaner v4.205 - Logfile created 23/05/2015 at 00:23:05
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : sahil - SAHIL-HP
# Running from : C:\Users\sahil\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dchmpbaclbiioedakpcldenooikekokm
File Deleted : C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\doobfiogmfmpjnoofjhhgjehmlofngfp
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v43.0.2357.65
 
 
*************************
 
AdwCleaner[R0].txt - [5720 bytes] - [22/04/2015 01:02:57]
AdwCleaner[R1].txt - [1127 bytes] - [22/04/2015 01:29:02]
AdwCleaner[R2].txt - [1247 bytes] - [22/05/2015 10:43:40]
AdwCleaner[R3].txt - [1359 bytes] - [23/05/2015 00:21:01]
AdwCleaner[S0].txt - [5464 bytes] - [22/04/2015 01:04:02]
AdwCleaner[S1].txt - [1196 bytes] - [22/04/2015 01:31:26]
AdwCleaner[S2].txt - [1316 bytes] - [22/05/2015 10:49:48]
AdwCleaner[S3].txt - [1288 bytes] - [23/05/2015 00:23:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1347  bytes] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 23-05-2015
Scan Time: 01:09:41
Logfile: malware.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.22.04
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: sahil
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355194
Time Elapsed: 30 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 7 Home Basic x64
Ran by sahil on 23-05-2015 at  9:41:15.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\sho1.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2187.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho2E4.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho34D6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho35BF.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho405C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho51C8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5C24.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho649C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7060.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho77B0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8F45.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho907.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB26E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoBAB7.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC552.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\free youtube downloader
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\sahil\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23-05-2015 at  9:43:58.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
HitmanPro 3.7.9.241
www.hitmanpro.com
 
   Computer name . . . . : SAHIL-HP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : sahil-HP\sahil
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (Expired)
 
   Scan date . . . . . . : 2015-05-23 20:21:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 30s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14
 
   Objects scanned . . . : 1,692,780
   Files scanned . . . . : 25,270
   Remnants scanned  . . : 269,543 files / 1,397,967 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\sahil\Downloads\FRST64.exe
      Size . . . . . . . : 2,108,416 bytes
      Age  . . . . . . . : 1.9 days (2015-05-21 23:14:07)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : E9D33B9AA6C98692E2BCAD306D73C21372669631A82FCEBFB6C1ED8A29C0DE33
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Windows\PEV.exe
      Size . . . . . . . : 256,000 bytes
      Age  . . . . . . . : 1.9 days (2015-05-21 21:48:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -0.0s C:\Windows\SWXCACLS.exe
         -0.0s C:\Windows\SWSC.exe
         -0.0s C:\Windows\sed.exe
         -0.0s C:\Windows\grep.exe
         -0.0s C:\Windows\zip.exe
         -0.0s C:\Windows\SWREG.exe
          0.0s C:\Windows\PEV.exe
          0.0s C:\Windows\NIRCMD.exe
          0.0s C:\Windows\MBR.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
 
Cookies _____________________________________________________________________
 
   C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
 
 
 
 
Scan result of ESET ONLINE SCANNER, but incomplete as it was very slow:
 
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
 


#6 sahil malhotra


Posted 24 May 2015 - 01:31 PM

Sir, the computer is running fine. In fact, we have connected two computers by wire to the same modem (router), and the problem was on both computers. A few days ago, as one of the PCs was just three months old, we reinstalled Windows using the recovery disc D, but just when we had opened Internet Explorer the redirects started again. Then I came across an article on your website, "router reboot to factory condition and google redirect virus". I followed the instructions the day before yesterday. While doing so I even lost my internet connection, even though the router was showing the presence of internet. I called the service provider and followed his instructions, and the internet resumed. Since then everything is normal: no browser redirects, ads, etc., in fact on both of the computers. But for security I installed a number of scanners one by one and scanned both the PCs even after rebooting the router. The results I have pasted above.

Sir, both the computers are working fine, but we have noticed that in the past the redirects sometimes stopped for some days or some reboots after resetting the browsers, but the problem generally reappeared after that.

Waiting for your further response and once again thank you very much sir.

Regards

sahil



#7 sahil malhotra


Posted 24 May 2015 - 01:36 PM

Sorry sir, but I forgot to mention that I was unable to remove the threats mentioned by the HITMAN PRO anti-virus as its one-month free license had expired, and those by ESET ANTI-VIRUS as it was proceeding very slowly, scanning one file in 10-15 minutes!



#8 nasdaq

  • Malware Response Team

Posted 25 May 2015 - 07:38 AM

Please run the Farbar tool and post a fresh FRST log for my review.

If the redirect persists let me know if all or just one of the browsers are the problem.

#9 sahil malhotra


Posted 25 May 2015 - 10:40 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by sahil (administrator) on SAHIL-HP on 25-05-2015 20:57:10
Running from C:\Users\sahil\Downloads
Loaded Profiles: sahil (Available profiles: sahil)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\MTNL 3G Modem\Delhi\Resource\driver\MCtlSuc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2013-02-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [170264 2012-03-30] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [398616 2012-03-30] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [439064 2012-03-30] (Intel Corporation)
HKLM-x32\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM-x32\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2013-02-28] (Intel Corporation)
HKLM-x32\...\Run: [S307M] => C:\Program Files (x86)\MTNL 3G Modem\Delhi\Resource\driver\MctlSuc.exe [113152 2011-12-20] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-04-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4262443793-2968545166-1396318449-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4262443793-2968545166-1396318449-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4686-111078-17344-8/4?satitle={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Tcpip\..\Interfaces\{BFA9BD30-1519-4AF4-9FBE-1C0B1DAD5F37}: [NameServer] 202.159.219.229,202.159.217.198
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-10-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-10-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2014-03-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\sahil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @talk.google.com/O1DPlugin -> C:\Users\sahil\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @tools.google.com/Google Update;version=3 -> C:\Users\sahil\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: @tools.google.com/Google Update;version=9 -> C:\Users\sahil\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-4262443793-2968545166-1396318449-1000: hp.com/HPDetect -> C:\Users\sahil\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Users\sahil\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\sahil\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sahil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-28] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-04] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-10-26] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-21] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-04] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-21] (Emsisoft GmbH)
S3 cmntusbser; C:\Windows\System32\DRIVERS\cmntusbser.sys [126592 2011-04-21] (Wireless Device)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2013-02-28] (Synaptics Incorporated)
S3 u343bus; C:\Windows\System32\DRIVERS\u343bus.sys [159304 2010-12-06] (MCCI Corporation)
S3 u343mdfl; C:\Windows\System32\DRIVERS\u343mdfl.sys [19016 2010-12-06] (MCCI Corporation)
S3 u343mdm; C:\Windows\System32\DRIVERS\u343mdm.sys [179272 2010-12-06] (MCCI Corporation)
S3 u343mgmt; C:\Windows\System32\DRIVERS\u343mgmt.sys [160328 2010-12-06] (MCCI Corporation)
S3 u343nn62; C:\Windows\System32\DRIVERS\u343nn62.sys [38984 2010-12-06] (MCCI Corporation)
S3 u343nu; C:\Windows\System32\DRIVERS\u343nu.sys [192584 2010-12-06] (MCCI Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-25 20:57 - 2015-05-25 20:57 - 00018692 _____ () C:\Users\sahil\Downloads\FRST.txt
2015-05-23 20:37 - 2015-05-23 20:38 - 02347384 _____ (ESET) C:\Users\sahil\Downloads\esetsmartinstaller_enu (1).exe
2015-05-23 20:28 - 2015-05-23 20:28 - 00009316 _____ () C:\Users\sahil\Downloads\HitmanPro_20150523_2028.log
2015-05-23 12:36 - 2015-05-23 12:37 - 00000000 ____D () C:\Users\sahil\Documents\inter
2015-05-23 11:18 - 2015-05-23 11:18 - 00000158 _____ () C:\Users\sahil\Downloads\eset.txt
2015-05-23 09:55 - 2015-05-23 09:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-05-23 09:43 - 2015-05-23 09:43 - 00009527 _____ () C:\Users\sahil\Downloads\JRT.txt
2015-05-23 09:41 - 2015-05-23 09:41 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SAHIL-HP-Windows-7-Home-Basic-(64-bit).dat
2015-05-23 09:41 - 2015-05-23 09:41 - 00000000 ____D () C:\RegBackup
2015-05-23 02:24 - 2015-05-25 20:41 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-23 02:02 - 2015-05-25 20:20 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForsahil.job
2015-05-23 02:02 - 2015-05-25 10:14 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForsahil
2015-05-23 01:44 - 2015-05-23 01:44 - 00001058 _____ () C:\Users\sahil\Downloads\malware.txt
2015-05-23 01:05 - 2015-05-23 23:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 01:05 - 2015-05-23 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 01:04 - 2015-05-23 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 01:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-23 01:04 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-23 01:04 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-23 00:57 - 2015-05-23 01:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\sahil\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 00:29 - 2015-05-23 00:29 - 00001427 _____ () C:\Users\sahil\Downloads\notepad adware.txt
2015-05-22 10:27 - 2015-05-22 10:27 - 00010016 _____ () C:\Users\sahil\Downloads\HitmanPro_20150522_1026.log
2015-05-21 23:16 - 2015-05-25 20:57 - 00000000 ____D () C:\FRST
2015-05-21 23:14 - 2015-05-21 23:16 - 02108416 _____ (Farbar) C:\Users\sahil\Downloads\FRST64.exe
2015-05-21 22:28 - 2015-05-21 22:28 - 00029317 _____ () C:\ComboFix.txt
2015-05-21 21:48 - 2015-05-21 22:28 - 00000000 ____D () C:\Qoobox
2015-05-21 21:48 - 2011-06-26 12:15 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-21 21:48 - 2010-11-07 22:50 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-21 21:48 - 2009-04-20 10:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00098816 _____ () C:\Windows\sed.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00080412 _____ () C:\Windows\grep.exe
2015-05-21 21:48 - 2000-08-31 05:30 - 00068096 _____ () C:\Windows\zip.exe
2015-05-21 21:47 - 2015-05-21 22:26 - 00000000 ____D () C:\Windows\erdnt
2015-05-20 01:18 - 2015-03-14 08:51 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-20 01:18 - 2015-03-14 08:51 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-20 01:18 - 2015-03-14 08:34 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-20 01:18 - 2015-03-14 08:34 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-14 16:21 - 2015-05-14 16:21 - 00000000 ____D () C:\Windows\Temp9D87135D-C587-F581-6A22-D0026C5098FB-Signatures
2015-05-14 16:08 - 2015-05-01 18:47 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 16:07 - 2015-05-01 18:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 13:53 - 2015-05-14 13:53 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-05-14 13:50 - 2015-05-14 13:50 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-13 23:10 - 2015-04-22 07:58 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 23:10 - 2015-04-22 07:18 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 23:10 - 2015-04-21 22:44 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 23:10 - 2015-04-21 22:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 23:10 - 2015-04-21 22:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 23:10 - 2015-04-21 22:21 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 23:10 - 2015-04-21 22:20 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 23:10 - 2015-04-21 22:20 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 23:10 - 2015-04-21 22:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 23:10 - 2015-04-21 22:19 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 23:10 - 2015-04-21 22:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 23:10 - 2015-04-21 22:11 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 23:10 - 2015-04-21 22:10 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 23:10 - 2015-04-21 22:07 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 23:10 - 2015-04-21 22:05 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 23:10 - 2015-04-21 22:05 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 23:10 - 2015-04-21 22:05 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 23:10 - 2015-04-21 22:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 23:10 - 2015-04-21 22:01 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 23:10 - 2015-04-21 21:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 23:10 - 2015-04-21 21:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 23:10 - 2015-04-21 21:54 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 23:10 - 2015-04-21 21:52 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 23:10 - 2015-04-21 21:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 23:10 - 2015-04-21 21:41 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 23:10 - 2015-04-21 21:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 23:10 - 2015-04-21 21:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 23:10 - 2015-04-21 21:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 23:10 - 2015-04-21 21:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 23:10 - 2015-04-21 21:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 23:10 - 2015-04-21 21:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 23:10 - 2015-04-21 21:35 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 23:10 - 2015-04-21 21:34 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 23:10 - 2015-04-21 21:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 23:10 - 2015-04-21 21:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 23:10 - 2015-04-21 21:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 23:10 - 2015-04-21 21:28 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 23:10 - 2015-04-21 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 23:10 - 2015-04-21 21:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 23:10 - 2015-04-21 21:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 23:10 - 2015-04-21 21:19 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 23:10 - 2015-04-21 21:18 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 23:10 - 2015-04-21 21:17 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 23:10 - 2015-04-21 21:16 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 23:10 - 2015-04-21 21:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 23:10 - 2015-04-21 21:10 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 23:10 - 2015-04-21 21:09 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 23:10 - 2015-04-21 21:08 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 23:10 - 2015-04-21 21:06 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 23:10 - 2015-04-21 21:01 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 23:10 - 2015-04-21 20:57 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 23:10 - 2015-04-21 20:56 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 23:10 - 2015-04-21 20:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 23:10 - 2015-04-21 20:54 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 23:10 - 2015-04-21 20:47 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 23:10 - 2015-04-21 20:45 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 23:10 - 2015-04-21 20:33 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 23:10 - 2015-04-21 20:32 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 23:10 - 2015-04-21 20:28 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 23:10 - 2015-04-21 20:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 22:42 - 2015-04-28 00:58 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 22:42 - 2015-04-28 00:58 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 22:42 - 2015-04-28 00:58 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 22:42 - 2015-04-28 00:56 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 22:42 - 2015-04-28 00:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 22:42 - 2015-04-28 00:52 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 22:42 - 2015-04-28 00:52 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 22:42 - 2015-04-28 00:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 22:42 - 2015-04-28 00:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 22:42 - 2015-04-28 00:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:41 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 22:42 - 2015-04-28 00:41 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 22:42 - 2015-04-28 00:38 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 22:42 - 2015-04-28 00:35 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 22:42 - 2015-04-28 00:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 22:42 - 2015-04-28 00:34 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 22:42 - 2015-04-28 00:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 22:42 - 2015-04-28 00:34 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 22:42 - 2015-04-28 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 22:42 - 2015-04-28 00:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 22:42 - 2015-04-28 00:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 22:42 - 2015-04-28 00:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 22:42 - 2015-04-28 00:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 22:42 - 2015-04-28 00:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:36 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 22:42 - 2015-04-27 23:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 22:42 - 2015-04-27 23:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 22:42 - 2015-04-27 23:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 22:42 - 2015-04-27 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 22:42 - 2015-04-13 08:58 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 22:38 - 2015-05-05 06:59 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 22:38 - 2015-05-05 06:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 22:38 - 2015-04-18 08:40 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 22:38 - 2015-04-18 08:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 22:27 - 2015-04-20 08:47 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 22:27 - 2015-04-20 08:47 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 22:27 - 2015-04-20 08:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 22:27 - 2015-04-20 07:41 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 22:27 - 2015-04-08 08:59 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 22:27 - 2015-04-08 08:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 22:25 - 2015-01-29 08:49 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 22:25 - 2015-01-29 08:32 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 22:22 - 2015-02-18 12:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 22:22 - 2015-02-18 12:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 22:21 - 2015-03-04 10:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 22:21 - 2015-03-04 10:11 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 22:21 - 2015-03-04 10:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 22:21 - 2015-03-04 10:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 22:21 - 2015-03-04 09:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 22:21 - 2015-03-04 09:40 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 22:21 - 2015-03-04 09:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-04-30 01:47 - 2015-04-30 01:47 - 00000000 ____D () C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2015-04-30 01:35 - 2015-04-30 01:44 - 37602760 _____ (Hewlett-Packard ) C:\Users\sahil\Downloads\sp68201.exe
2015-04-30 01:21 - 2015-04-30 01:21 - 00000000 ____D () C:\MATS
2015-04-26 01:17 - 2015-04-26 01:17 - 00280448 _____ () C:\Windows\Minidump\042615-18205-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-25 20:52 - 2012-06-19 09:16 - 01961835 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 20:49 - 2009-07-14 10:43 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 20:49 - 2009-07-14 10:15 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 20:49 - 2009-07-14 10:15 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 20:42 - 2014-01-06 21:11 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000UA.job
2015-05-25 20:42 - 2014-01-06 21:11 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000Core.job
2015-05-25 20:40 - 2012-12-02 22:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 20:40 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 20:40 - 2009-07-14 10:21 - 00187146 _____ () C:\Windows\setupact.log
2015-05-25 20:38 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\tracing
2015-05-25 20:29 - 2012-02-05 04:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 02:13 - 2012-11-08 21:20 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSAHIL-HP$
2015-05-25 02:13 - 2012-11-08 21:20 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForSAHIL-HP$.job
2015-05-25 00:09 - 2012-06-19 09:19 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1682CD73-24B0-436C-B314-452B3964C651}
2015-05-24 23:16 - 2012-06-19 09:16 - 00000000 ____D () C:\Users\sahil
2015-05-24 17:36 - 2012-06-19 09:21 - 00000000 ____D () C:\Users\sahil\AppData\Roaming\SoftGrid Client
2015-05-24 17:16 - 2012-06-19 09:26 - 00059144 _____ () C:\Users\sahil\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-23 02:42 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-23 01:51 - 2010-11-21 09:17 - 00682824 _____ () C:\Windows\PFRO.log
2015-05-23 00:25 - 2012-06-20 22:23 - 00000000 ____D () C:\Users\sahil\AppData\Local\CrashDumps
2015-05-23 00:25 - 2009-07-14 10:38 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-23 00:23 - 2015-04-22 01:02 - 00000000 ____D () C:\AdwCleaner
2015-05-21 22:28 - 2009-07-14 08:50 - 00000000 __RHD () C:\Users\Default
2015-05-21 22:22 - 2009-07-14 08:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-21 22:22 - 2009-07-14 08:04 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2015-05-21 22:21 - 2009-07-14 08:04 - 72351744 _____ () C:\Windows\system32\config\software.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 49545216 _____ () C:\Windows\system32\config\components.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 18612224 _____ () C:\Windows\system32\config\system.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-21 22:21 - 2009-07-14 08:04 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-21 12:53 - 2015-03-17 00:17 - 00000000 ____D () C:\Users\sahil\Downloads\RAMMap
2015-05-20 01:29 - 2015-04-05 01:09 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 01:29 - 2015-04-05 01:09 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 20:37 - 2014-01-06 21:11 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000UA
2015-05-18 20:37 - 2014-01-06 21:11 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4262443793-2968545166-1396318449-1000Core
2015-05-18 11:28 - 2012-12-02 22:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 11:28 - 2012-12-02 22:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 11:28 - 2012-12-02 22:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 00:12 - 2015-01-08 01:04 - 00000000 ____D () C:\Users\sahil\Desktop\IDSA
2015-05-14 22:10 - 2012-06-19 09:26 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-05-14 22:10 - 2012-06-19 09:25 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 22:09 - 2013-08-16 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 22:09 - 2012-06-27 15:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-14 22:09 - 2012-06-19 09:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-14 17:27 - 2009-07-14 10:39 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-14 17:23 - 2013-12-05 14:11 - 00000258 __RSH () C:\Users\sahil\ntuser.pol
2015-05-14 17:22 - 2009-07-14 10:15 - 00272016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 17:21 - 2013-03-15 22:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 17:21 - 2013-03-15 22:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 17:17 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 16:33 - 2012-06-19 09:21 - 00791792 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-14 16:33 - 2012-06-19 09:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-14 16:07 - 2013-03-15 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 13:53 - 2012-02-05 04:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-01 22:30 - 2012-06-27 15:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-30 10:35 - 2014-04-23 16:17 - 00002577 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2015-04-30 10:07 - 2012-06-27 15:30 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-30 02:06 - 2012-02-05 04:38 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-04-30 02:05 - 2011-02-11 00:53 - 00000000 ____D () C:\SWSetup
2015-04-30 01:54 - 2012-02-05 05:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-04-30 01:53 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\Help
2015-04-30 01:49 - 2012-02-05 05:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-30 01:48 - 2012-02-05 04:54 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-04-30 01:21 - 2011-10-13 06:27 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-27 13:26 - 2014-06-29 14:24 - 00007599 _____ () C:\Users\sahil\AppData\Local\resmon.resmoncfg
2015-04-27 13:18 - 2015-01-20 22:07 - 00000000 ____D () C:\Windows\pss
2015-04-26 01:17 - 2014-06-24 00:13 - 310611516 _____ () C:\Windows\MEMORY.DMP
2015-04-26 01:17 - 2014-06-24 00:13 - 00000000 ____D () C:\Windows\Minidump
2015-04-25 15:59 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\AppCompat
 
==================== Files in the root of some directories =======
 
2012-12-10 21:57 - 2012-12-10 21:57 - 0000288 _____ () C:\Users\sahil\AppData\Roaming\.backup.dm
2014-06-29 14:24 - 2015-04-27 13:26 - 0007599 _____ () C:\Users\sahil\AppData\Local\resmon.resmoncfg
 
Files to move or delete:
====================
C:\Users\sahil\data.x.dat
 
 
Some files in TEMP:
====================
C:\Users\sahil\AppData\Local\Temp\Quarantine.exe
C:\Users\sahil\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-16 13:43
 
==================== End of log ============================




#10 sahil malhotra

sahil malhotra
  • Topic Starter

  • Members
  • 19 posts

Posted 25 May 2015 - 10:46 AM

Sir, the computer is running fine. In fact, we have connected two computers by wire to the same modem (router), and the problem was on both computers. A few days ago, as one of the PCs was just three months old, we reinstalled Windows using the recovery disc D, but just when we had opened Internet Explorer the redirects started again. Then I came across an article on your website, "router reboot to factory condition and google redirect virus". I followed the instructions the day before yesterday. While doing so I even lost my internet connection, even though the router was showing the presence of internet. I called the service provider and followed his instructions, and the internet resumed. Since then everything is normal, no browser redirects, ads, etc., in fact on both of the computers. But for security I installed a number of scanners one by one and scanned both the PCs even after rebooting the router. The results I have pasted above.

Sir, both the computers are working fine since then, but we have noticed that in the past the redirects sometimes stopped for some days or some reboots after resetting the browsers, but the problem generally reappeared after that.

Yes sir, when the redirecting was happening, it was happening in both Internet Explorer as well as Chrome.

Waiting for your further response and once again thank you very much sir.

Regards

sahil



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts

Posted 25 May 2015 - 12:35 PM


Your log is clean.
Try this.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

#12 sahil malhotra

sahil malhotra
  • Topic Starter

  • Members
  • 19 posts

Posted 25 May 2015 - 02:17 PM

I have done what we have advised me.

Regards

sahil



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts

Posted 26 May 2015 - 06:47 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 sahil malhotra

sahil malhotra
  • Topic Starter

  • Members
  • 19 posts

Posted 26 May 2015 - 09:52 AM

Everything is going well on both of our computers. Thank you very much sir for your support for the past many days. And thanks for your article related to security tips. It is very helpful.

God bless you!

regards

sahil



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts

Posted 01 June 2015 - 07:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



